{"id":4666,"date":"2018-08-29T14:19:34","date_gmt":"2018-08-29T21:19:34","guid":{"rendered":"https:\/\/www.inmotionhosting.com\/blog\/?p=4666"},"modified":"2025-01-22T16:38:24","modified_gmt":"2025-01-22T21:38:24","slug":"attention-wordpress-ultimate-member-plugin-users-new-security-information","status":"publish","type":"post","link":"https:\/\/www.inmotionhosting.com\/blog\/attention-wordpress-ultimate-member-plugin-users-new-security-information\/","title":{"rendered":"ATTENTION: WordPress ‘Ultimate Member’ Plugin Users! New Security Information"},"content":{"rendered":"

\"ATTENTION:<\/p>\n

Our partner security agency, Sucuri, recently shared of a new type of hack<\/a> which has greatly affected many websites who use the WordPress plugin \u2018Ultimate Member\u2019 and who use a tagDiv theme (Newspaper and Newsmag). This hack causes websites to redirect to URLs such as utroro[.]com, murieh[.]space, and unverf[.]com. This hack can also display fake CAPTCHA images which ask you to click \u201cAllow\u201d in your browser\u2019s notification area.<\/p>\n

If your website is currently redirecting to an unknown URL, you could be a victim of this hack. If you suspect that you may indeed be a victim of this hack, make sure you don\u2019t click \u201cAllow\u201d in your browser\u2019s notification area, and follow the instructions below.<\/p>\n

At the time of writing this article, there are around 2,670 estimated infected websites with one of the scripts, and another 2,294 with another of these scripts, totaling around 5,505 total websites. These scripts, cdn.eeduelements[.]com and cdn.allyouwant[.]online, inject further redirect code to the <head> of many PHP, JavaScript, and those containing jQuery files.<\/p>\n

You may ask, shouldn\u2019t my web hosting provider protect me from this hack<\/i>? This type of hack is due to a vulnerability with the Ultimate Member plugin as well as tagDiv themes (Newspaper and Newsmag), so unfortunately, it\u2019s beyond your website hosting provider\u2019s control, as this plugin and themes are directly installed in your hosting.<\/p>\n

How to Prevent It<<\/h2>\n

The first step to protect your website is to take a full backup of your hosting account<\/a> and store it on a local computer or hard drive. This is your first best safeguard, as you can quickly restore your website if anything were to happen.<\/p>\n

The second step is to run all your website updates<\/a>. This includes running and installing all the updates for your themes and plugins. If your website uses the Ultimate Member or any of the tagDiv themes, this is even more important. The development teams of both software has released patches to help prevent the hacks from happening, so installing this update is critical to both preventing this hack from occurring, as well as removing the hack if you are affected.<\/p>\n

The final step is to consider setting up a firewall to protect yourself from an attack on your website. Our partner security company, Sucuri provides an excellent firewall which can block these attacks. Learn more about Sucuri\u2019s firewall<\/a>.<\/p>\n

My Website Is Redirecting, What Should I Do?<\/h2>\n

If your website is redirecting to an unknown page, it could very well be that your website has become infected.<\/p>\n

If you\u2019re using a tagDiv theme<\/b>, security professionals at Sucuri advise that you can possibly remove the malware. They advise that \u201cthe malware can be found and removed in the theme\u2019s admin interface via. Theme panel > ADS > YOUR HEADER AD, or in the \u201cCustom HTML\u201d widget.\u201d If for some reason you\u2019re having troubles with removing the malware that way, they advise that you can clean the serialized code via your WordPress database. Before you attempt at doing this, we recommend that you read more information regarding this on Sucuri\u2019s website<\/a>.<\/p>\n

If you use the Ultimate Member plugin<\/b>, \u201cdelete all PHP files in subdirectories under wp-content\/uploads\/ultimatemember\/temp\/ (for bonus points, disable execution of PHP files in this folder).\u201d<\/p>\n

As Sucuri states<\/a>, \u201cIf a [hacker] bad actor sees that a security issue has been fixed, they will try to create exploits for older versions to target vulnerable sites who haven\u2019t yet patched to the latest available version.\u201d<\/p>\n

For more greater detail regarding this hack, please read the linked article<\/a> and consult Sucuri before removing or deleting website files.<\/p>\n","protected":false},"excerpt":{"rendered":"

Our partner security agency, Sucuri, recently shared of a new type of hack which has greatly affected many websites who use the WordPress plugin \u2018Ultimate Member\u2019 and who use a tagDiv theme (Newspaper and Newsmag). This hack causes websites to redirect to URLs such as utroro[.]com, murieh[.]space, and unverf[.]com. This hack can also display fake Read More ><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[32,211],"tags":[],"class_list":["post-4666","post","type-post","status-publish","format-standard","hentry","category-news","category-wordpress"],"yoast_head":"\nATTENTION WordPress 'Ultimate Member' Plugin Users!<\/title>\n<meta name=\"description\" content=\"Fake CAPTCHAs, redirects to URLs outside of your site, even injecting code into your site! If you use the Ultimate Member plugin you should read this post!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.inmotionhosting.com\/blog\/attention-wordpress-ultimate-member-plugin-users-new-security-information\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ATTENTION WordPress 'Ultimate Member' Plugin Users!\" \/>\n<meta property=\"og:description\" content=\"Fake CAPTCHAs, redirects to URLs outside of your site, even injecting code into your site! If you use the Ultimate Member plugin you should read this post!\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.inmotionhosting.com\/blog\/attention-wordpress-ultimate-member-plugin-users-new-security-information\/\" \/>\n<meta property=\"og:site_name\" content=\"InMotion Hosting Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/inmotionhosting\" \/>\n<meta property=\"article:published_time\" content=\"2018-08-29T21:19:34+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-01-22T21:38:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2018\/08\/attentionwp2.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1008\" \/>\n\t<meta property=\"og:image:height\" content=\"567\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"InMotion Hosting\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@inmotionhosting\" \/>\n<meta name=\"twitter:site\" content=\"@inmotionhosting\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"InMotion Hosting\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ATTENTION WordPress 'Ultimate Member' Plugin Users!","description":"Fake CAPTCHAs, redirects to URLs outside of your site, even injecting code into your site! If you use the Ultimate Member plugin you should read this post!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inmotionhosting.com\/blog\/attention-wordpress-ultimate-member-plugin-users-new-security-information\/","og_locale":"en_US","og_type":"article","og_title":"ATTENTION WordPress 'Ultimate Member' Plugin Users!","og_description":"Fake CAPTCHAs, redirects to URLs outside of your site, even injecting code into your site! If you use the Ultimate Member plugin you should read this post!","og_url":"https:\/\/www.inmotionhosting.com\/blog\/attention-wordpress-ultimate-member-plugin-users-new-security-information\/","og_site_name":"InMotion Hosting Blog","article_publisher":"https:\/\/www.facebook.com\/inmotionhosting","article_published_time":"2018-08-29T21:19:34+00:00","article_modified_time":"2025-01-22T21:38:24+00:00","og_image":[{"width":1008,"height":567,"url":"https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2018\/08\/attentionwp2.jpg","type":"image\/jpeg"}],"author":"InMotion Hosting","twitter_card":"summary_large_image","twitter_creator":"@inmotionhosting","twitter_site":"@inmotionhosting","twitter_misc":{"Written by":"InMotion Hosting","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"TechArticle","@id":"https:\/\/www.inmotionhosting.com\/blog\/attention-wordpress-ultimate-member-plugin-users-new-security-information\/#article","isPartOf":{"@id":"https:\/\/www.inmotionhosting.com\/blog\/attention-wordpress-ultimate-member-plugin-users-new-security-information\/"},"author":{"name":"InMotion Hosting","@id":"https:\/\/www.inmotionhosting.com\/blog\/#\/schema\/person\/f21a89c83c7697a760c96cfe58e646bc"},"headline":"ATTENTION: WordPress ‘Ultimate Member’ Plugin Users! New Security Information","datePublished":"2018-08-29T21:19:34+00:00","dateModified":"2025-01-22T21:38:24+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inmotionhosting.com\/blog\/attention-wordpress-ultimate-member-plugin-users-new-security-information\/"},"wordCount":626,"commentCount":0,"publisher":{"@id":"https:\/\/www.inmotionhosting.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.inmotionhosting.com\/blog\/attention-wordpress-ultimate-member-plugin-users-new-security-information\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2018\/08\/attentionwp2.jpg","articleSection":["News","WordPress Articles"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.inmotionhosting.com\/blog\/attention-wordpress-ultimate-member-plugin-users-new-security-information\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.inmotionhosting.com\/blog\/attention-wordpress-ultimate-member-plugin-users-new-security-information\/","url":"https:\/\/www.inmotionhosting.com\/blog\/attention-wordpress-ultimate-member-plugin-users-new-security-information\/","name":"ATTENTION WordPress 'Ultimate Member' Plugin Users!","isPartOf":{"@id":"https:\/\/www.inmotionhosting.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.inmotionhosting.com\/blog\/attention-wordpress-ultimate-member-plugin-users-new-security-information\/#primaryimage"},"image":{"@id":"https:\/\/www.inmotionhosting.com\/blog\/attention-wordpress-ultimate-member-plugin-users-new-security-information\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2018\/08\/attentionwp2.jpg","datePublished":"2018-08-29T21:19:34+00:00","dateModified":"2025-01-22T21:38:24+00:00","description":"Fake CAPTCHAs, redirects to URLs outside of your site, even injecting code into your site! If you use the Ultimate Member plugin you should read this post!","breadcrumb":{"@id":"https:\/\/www.inmotionhosting.com\/blog\/attention-wordpress-ultimate-member-plugin-users-new-security-information\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inmotionhosting.com\/blog\/attention-wordpress-ultimate-member-plugin-users-new-security-information\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inmotionhosting.com\/blog\/attention-wordpress-ultimate-member-plugin-users-new-security-information\/#primaryimage","url":"https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2018\/08\/attentionwp2.jpg","contentUrl":"https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2018\/08\/attentionwp2.jpg","width":1008,"height":567},{"@type":"BreadcrumbList","@id":"https:\/\/www.inmotionhosting.com\/blog\/attention-wordpress-ultimate-member-plugin-users-new-security-information\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inmotionhosting.com\/blog\/"},{"@type":"ListItem","position":2,"name":"News","item":"https:\/\/www.inmotionhosting.com\/blog\/news\/"},{"@type":"ListItem","position":3,"name":"ATTENTION: WordPress ‘Ultimate Member’ Plugin Users! New Security Information"}]},{"@type":"WebSite","@id":"https:\/\/www.inmotionhosting.com\/blog\/#website","url":"https:\/\/www.inmotionhosting.com\/blog\/","name":"InMotion Hosting Blog","description":"Web Hosting Strategy, Trends and Security","publisher":{"@id":"https:\/\/www.inmotionhosting.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inmotionhosting.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.inmotionhosting.com\/blog\/#organization","name":"InMotion Hosting","url":"https:\/\/www.inmotionhosting.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inmotionhosting.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2019\/11\/imh-logo-all-colors-big.jpg","contentUrl":"https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2019\/11\/imh-logo-all-colors-big.jpg","width":1630,"height":430,"caption":"InMotion Hosting"},"image":{"@id":"https:\/\/www.inmotionhosting.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/inmotionhosting","https:\/\/x.com\/inmotionhosting"]},{"@type":"Person","@id":"https:\/\/www.inmotionhosting.com\/blog\/#\/schema\/person\/f21a89c83c7697a760c96cfe58e646bc","name":"InMotion Hosting","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/eb965eada0c0513dd2e1976b21fe270fa4f19ac273960fc080f9d46b81b353a4?s=96&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/eb965eada0c0513dd2e1976b21fe270fa4f19ac273960fc080f9d46b81b353a4?s=96&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/eb965eada0c0513dd2e1976b21fe270fa4f19ac273960fc080f9d46b81b353a4?s=96&r=g","caption":"InMotion Hosting"},"url":"https:\/\/www.inmotionhosting.com\/blog\/author\/imhmainadmin\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"primary_category":{"id":32,"name":"News","slug":"news","link":"https:\/\/www.inmotionhosting.com\/blog\/news\/"},"_links":{"self":[{"href":"https:\/\/www.inmotionhosting.com\/blog\/wp-json\/wp\/v2\/posts\/4666","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inmotionhosting.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inmotionhosting.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/blog\/wp-json\/wp\/v2\/comments?post=4666"}],"version-history":[{"count":10,"href":"https:\/\/www.inmotionhosting.com\/blog\/wp-json\/wp\/v2\/posts\/4666\/revisions"}],"predecessor-version":[{"id":73233,"href":"https:\/\/www.inmotionhosting.com\/blog\/wp-json\/wp\/v2\/posts\/4666\/revisions\/73233"}],"wp:attachment":[{"href":"https:\/\/www.inmotionhosting.com\/blog\/wp-json\/wp\/v2\/media?parent=4666"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/blog\/wp-json\/wp\/v2\/categories?post=4666"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/blog\/wp-json\/wp\/v2\/tags?post=4666"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}