This is the technical support forum for WPML - the multilingual WordPress plugin.
Everyone can read, but only WPML clients can post here. WPML team is replying on the forum 6 days per week, 22 hours per day.
Our wait time is higher than usual, please make sure you are meeting the minimum requirement - https://wpml.org/home/minimum-requirements before you report issues, and if you can take a look at current Known Issues - https://wpml.org/known-issues/. Thank you.
Background of the issue:
I am trying to deploy websites on Alibaba Cloud servers. Recently, Alibaba Cloud reported that many websites have WebShell. The issue is related to files in the wp-content/plugins/sitepress-multilingual-cms/vendor/otgs/installer/includes/utilities/FP/Logic.php and wp-content/plugins/otgs-installer-plugin/vendor/otgs/installer/includes/utilities/FP/Logic.php with MD5: 5889f0565aee3c571662e180e21c44bb.
Symptoms:
Alibaba Cloud reported Trojan files with malicious behavior tags such as uncertain value defense bypass, branch defense bypass, and arbitrary PHP code execution.
Languages: English (English )German (Deutsch )French (Français )
Timezone: Europe/Zagreb (GMT+02:00)
Hi,
Thank you for contacting WPML support!
I am checking this with our 2nd tier. Apart from our the above screenshots, is there maybe additional info on the exact code parts that are reported as being malicious?
Can you please update what's the status about this? It's been a month, and we keep receiving warning from the hosting provider, but didn't see any fix from your team.
Languages: English (English )German (Deutsch )French (Français )
Timezone: Europe/Zagreb (GMT+02:00)
Our team of developers is actively working on this issue. However, it is quite complex and is planned to be addressed in WPML version 4.7.
Currently, 4.7 is in its Beta 1 phase and is not recommended for production sites. Unfortunately, the solution for this issue is not included in the beta version.
At this time, I’m unable to provide specific dates for when this will be fixed, as it depends on the release timeline for version 4.7, which has not been finalized yet.
I am a developer from the WPML Team, and I am currently working on replicating the issue you reported. However, I need your assistance to proceed further.
Could you please provide detailed steps to reproduce the issue? I have already set up an EC2 Alibaba instance with an enterprise account, with WordPress and WPML installed and configured.
At this point, I need detailed guidance on how to correctly set up and run the web shell detection service. Please provide all the necessary steps to replicate this phase.
We did nothing about it actually, but just install the plugin. I think Aliyun just report that issue via scanning the plugins files. All the wordpress project with WPML plugin got that alert basically.
Languages: English (English )German (Deutsch )French (Français )
Timezone: Europe/Zagreb (GMT+02:00)
We were able to replicate the issue and, based on our investigation, it appears this may be a "false positive" as outlined in Alibaba's documentation. Alibaba also provides guidance on how to manage such warnings, which can be found on hidden link
At this point, we're still determining the best way to suppress or prevent this warning on our end.
