Ultimate Member virus
In late August, several of our sites fell victim to a security vulnerability in the Ultimate Member plugin. Ultimate Member is a WordPress plugin for creating and managing users and groups, and is generally a very reliable and robust plugin. However, a flaw was found that hackers exploited to upload malicious files to the server, from where they could cause havoc.
As soon as it was discovered, the makers of Ultimate Member posted details on their website and updated their plugin to fix the flaw and prevent any further uploads, but for some of our sites and for many others it was too late to prevent the virus from taking hold.
Cleaning the virus took several stages. First we had to update Ultimate Member and delete all virus code in the uploads folder. We then had to perform a search and replace on all files on the server to rid them of any malicious code. The last stage was to perform a search and replace on the database, and finally it was gone (and hasn’t returned). Luckily we reacted quickly enough to prevent any of the sites being blacklisted by Google as malicious.
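One way to check the uploads folder for leftover script files after the first cleanup stage, as an added example that is not code from this post or from the plugin's makers. It assumes the malicious uploads were PHP scripts (the post does not name the file type); `scan_uploads`, `demo` and the sample file names are constructed for illustration.

```python
import os
import tempfile

# Assumption: the uploaded files are PHP scripts. The post does not name the file type.
SCRIPT_EXTS = {".php", ".phtml", ".php5", ".php7", ".phar"}

def scan_uploads(root, head_bytes=4096):
    """Return sorted (relative_path, reason) pairs for files that look like scripts."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            parts = name.lower().split(".")
            if len(parts) > 1 and "." + parts[-1] in SCRIPT_EXTS:
                findings.append((rel, "script extension"))
            elif any("." + p in SCRIPT_EXTS for p in parts[1:-1]):
                # e.g. logo.php.png: some server configs still hand this to PHP
                findings.append((rel, "script extension before final extension"))
            else:
                try:
                    with open(path, "rb") as fh:
                        head = fh.read(head_bytes).lower()
                except OSError:
                    findings.append((rel, "unreadable"))
                    continue
                # An upload folder should hold media and documents, not PHP source
                if b"<?php" in head:
                    findings.append((rel, "PHP open tag in content"))
    return sorted(findings)

def demo():
    """Build a constructed uploads tree in a temp directory and scan it."""
    sample = {  # constructed file names and contents, not taken from the incident
        "gallery/photo.jpg": b"\xff\xd8\xff\xe0 image bytes",
        "docs/notes.txt": b"plain text",
        "members/a.php": b"<?php /* placeholder */",
        "gallery/logo.php.png": b"\x89PNG placeholder",
        "gallery/banner.gif": b"GIF89a <?PHP /* placeholder */",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return scan_uploads(root)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

On a real site, point `scan_uploads` at the WordPress uploads directory (`wp-content/uploads` by default) and review each hit by hand before deleting anything.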
Ultimate Member is a plugin that has been available for around 10 years and currently has over 100,000 active installations. It is a trusted and respected plugin, which goes to show that any web product can fall victim to hackers and viruses. They estimate that 30,000 websites were affected by this attack, so we weren’t alone.
If you notice any odd behaviour or pages being redirected on your site, please let us know as soon as possible.