WordFence Scan Shows Critical Errors with LDAP

  • Adam
    # 2 months, 3 weeks ago

    We are having some issues with Google Adwords and malicious errors. We have not been able to find any, so installed WordFence Plugin and ran scans. All it found was the following Critical Errors, can you confirm that these are not errors and the code is normal?

    Filename: wp-content/plugins/ldap-login-for-intranet-sites/class-mo-ldap-customer-setup.php
    File Type: Not a core, theme, or plugin file from wordpress.org.
    Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: \x3c\x61\40\x68\162\x65\146\75\x22\150\x74\164\x70

    The issue type is: Suspicious:PHP/spamLink.5447
    Description: PHP based obfuscated backlink.

    and it also found:

    Filename: wp-content/plugins/ldap-login-for-intranet-sites/wpldaplogin.php
    File Type: Not a core, theme, or plugin file from wordpress.org.
    Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: \x3c\x61\40\x68\162\145\x66\x3d\x22\x68\x74\x74\160

    The issue type is: Suspicious:PHP/spamLink.5447
    Description: PHP based obfuscated backlink.

    Gaurav Sood
    # 2 months, 2 weeks ago

    Can you share what version of the plugin you are on? There are no back-links in the latest version. Also, this is just plugin obfuscation and is not anything malicious. You can whitelist the plugin folder in WordFence to prevent further issues.

Viewing 2 posts - 1 through 2 (of 2 total)

Reply