
Resolved where does Plesk download wordpress from?

Richard Follett

Basic Pleskian
When I install WP via featured applications it installs ok

then when I check files with a scanner it picks up non wordpress files - hence my question?
 
Hi Richard,

Plesk uses WordPress APS package to install WordPress. This package contains vanilla WordPress with translations to multiple languages supported by Plesk and some meta-information (WordPress system requirements, etc). It also contains Akismet and Hello Dolly plugins (both default).
 
ok thanks for your help. The only reason I ask is that when I do an install it seems to add these files which are not WP standard in 4.5.3 ?

added - wp-admin/includes/upgrade.php.orig

added - wp-admin/plugin-uploader.php

added - wp-admin/theme-uploader.php

added - wp-admin/uploader/pclzip.lib.php

added - wp-admin/uploader/upload.php

changed - wp-includes/functions.php.orig
 
I think this is a major issue - wordpress application installs from plesk dashboard are installing infected versions of Wordpress??
 
I think this is a major issue - wordpress application installs from plesk dashboard are installing infected versions of Wordpress??
Guessing is wonderful, but does not help to investigate issues/problems/failures.

What makes you think that a file is "infected"? Post the file in question as TXT here at the forum, please, so that people willing to help you can investigate the issue.
If you have files which contain endings like ".orig" or ".bak", then this means that the ORIGINAL file has been replaced with another one. Consider posting both of the files as TXT then, pls.
 
Hi Richard Follett,

in addition, while I investigate the files, pls provide MORE information about your server, like server provider, how did you install your server, which operating system, used Plesk version ( incl. MU ), how did you install wordpress... and all other information that may help to investigate the root cause.
 
Hi Richard Follett,

all files are not infected in any way. Download the zip - file "https://apscatalog.com/1.2/wordpres...Plesk&os=undefined&platform=undefined" and compare it with the original wordpress zip at "https://wordpress.org/latest.zip".

Investigations:

1549 files exist at the zip - file from the aps.catalog
1347 files exist at the zip - file from wordpress

192 files which are not existent in the zip - file from wordpress ( all are language files )
8 files do not exist:

htdocs\blogs\media\.hidden ( CONTENT = NONE = unexpected file, which may be existent to solve issues with empty folders in wordpress )
htdocs\tmp\.hidden ( CONTENT = NONE = unexpected file, which may be existent to solve issues with empty folders in wordpress )

wp-includes\functions.php.orig
wp-admin\includes\upgrade.php.orig

wp-admin\plugin-uploader.php
wp-admin\theme-uploader.php
wp-admin\uploader\upload.php
wp-admin\pclzip.lib.php

and 2 files differ:

wp-admin\includes\upgrade.php
wp-includes\functions.php

Investigations results: The Plesk wordpress version includes another possibility to upload themes and plugins ( see the differences, pls. ). No files are "infected" or what ever you may declare them!
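
The archive comparison described in the post above, sketched as an added example (not part of the thread and not Plesk tooling): it hashes every file in a packaged WordPress zip and in a reference zip, then reports language files, other added files, missing files, changed files, and ".orig" copies that are byte-identical to the stock file. The archive roots "htdocs/" and "wordpress/", the "wp-content/languages/" location, and the sample file contents are assumptions constructed for the demonstration.

```python
import hashlib
import io
import zipfile

def manifest(zip_bytes, root):
    """Map path-relative-to-root -> SHA-256 for every file under root."""
    out = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            if not info.is_dir() and name.startswith(root):
                out[name[len(root):]] = hashlib.sha256(zf.read(info)).hexdigest()
    return out

def compare(pkg, ref, lang_dir="wp-content/languages/"):
    """Classify packaged files against the reference distribution."""
    extra = sorted(set(pkg) - set(ref))
    return {
        "languages": [p for p in extra if p.startswith(lang_dir)],
        "added": [p for p in extra if not p.startswith(lang_dir)],
        "missing": sorted(set(ref) - set(pkg)),
        "changed": sorted(p for p in set(pkg) & set(ref) if pkg[p] != ref[p]),
        # A .orig copy whose hash equals the stock file shows what was patched.
        "orig_is_stock": [p for p in extra if p.endswith(".orig")
                          and pkg[p] == ref.get(p[:-5])],
    }

def make_zip(files):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, data in files.items():
            zf.writestr(path, data)
    return buf.getvalue()

# Constructed stand-ins for the two archives; file contents are placeholders.
# Assumed roots: htdocs/ (packaged archive) and wordpress/ (reference zip).
VANILLA = make_zip({
    "wordpress/index.php": b"<?php // index",
    "wordpress/wp-includes/functions.php": b"<?php // stock",
})
PACKAGED = make_zip({
    "htdocs/index.php": b"<?php // index",
    "htdocs/wp-includes/functions.php": b"<?php // patched",
    "htdocs/wp-includes/functions.php.orig": b"<?php // stock",
    "htdocs/wp-admin/plugin-uploader.php": b"<?php // uploader",
    "htdocs/wp-content/languages/de_DE.mo": b"\x00",
})
RESULT = compare(manifest(PACKAGED, "htdocs/"), manifest(VANILLA, "wordpress/"))
print(RESULT)
```

With real archives, read each zip from disk and pass its bytes to manifest(); files in "added" and "changed" are the ones to open and read by hand.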
 
thanks for your help in looking at this matter..

It still seems very weird to me that there are additional files in the Plesk version...

Since my server was hacked and I have lost my business and loads of money I trust nothing now.... sad
 
Hi Richard Follett,

I'm sorry to read that, but you can be sure that the root cause of your "hacked server" is definitely not the wordpress - app from the aps - catalogue.
 
Sidenote: we're reviewing the contents of WordPress APS package and we'd like to remove all unnecessary files from it, making it as close as possible to vanilla WordPress distribution. You can expect the changes to be available in one of the upcoming WordPress APS package releases.
 
Sidenote: we're reviewing the contents of WordPress APS package and we'd like to remove all unnecessary files from it, making it as close as possible to vanilla WordPress distribution. You can expect the changes to be available in one of the upcoming WordPress APS package releases.

Thank you for the update
 