UpdraftPlus installed malware - scared to download or update plugins now!

A couple months back, I installed UpdraftPlus (free version) on my WordPress.org site. To my horror, immediately afterwards we started getting popups that would redirect to spam sites when you clicked 'Ok'.

I uninstalled UpdraftPlus but the problem persisted. Google yielded a link to someone with a very similar problem - a reply told me where to find any extra files which may have been leftover. Sure enough, in that location I found some UpdraftPlus German language files remaining. As soon as I deleted these, the popups disappeared.

Now I'm in need of a WP backup, but I'm too scared to install another plugin. I'd really like to use UpdraftPlus because it's highly reviewed (and free), but I don't want to go through possible malware issues again.

Has anyone ever encountered this? Any ideas as to what could have happened and what I can do in the future to stay safe? Our WordPress, as well as most of our plugins, need to be updated to the latest versions. So we probably aren't as safe as we could be. But it's best practice to have backups before you update, so I feel I'm in a catch 22.

Topic virus backup spam updates plugins Wordpress

Category Web

1
answered at

It can be time-consuming to 'clean' a WP site, but it can be done with dogged determination. You'll need to reinstall WP/plugins/themes, change hosting and FTP and database credentials, look for rouge files, and more.

This might help http://securitydawg.com/recovering-from-a-hacked-wordpress-site/ (disclosure: I wrote this after people kept asking me about this; it's sort of notes to myself).

1
answered at

You should be able to back up your site through your hosting control panel. This is a better option than adding bloat to your WP install to duplicate functionality you already have elsewhere.

About

Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.