Was cleaning out a couple plugins and themes I no longer use and came across something odd...
It is in the Plugins page under the Drop-ins category.
Says I have 1 Drop-in plugin: object-cache.php APCu Object Cache
That isn't odd - but what IS odd is that the author is Pierre Schmitz (here is his site if you click on his name https://pierre-schmitz.com/), and at the Visit plugin site link it shows "Active installations: Fewer than 10" (https://wordpress.org/plugins/apcu/)
1) Who is this guy?
2) Why do I have a mandatory plugin that has fewer than 10 active installs? I don't know the exact numbers, but I am guessing GoDaddy has more than 10 Managed Wordpress accounts (being facetious) - I would guess this number should be in the 1000s. I would never personally download a plugin with so few active installs... With so few active installs, how do know this guy has the resources to keep info secure?
Solved! Go to Solution.
Thank you for posting. It looks like Pierre is the author of that particular plugin. It's actually listed on the WordPress.org site. I'm not sure why it's listed there in your WordPress, except that it may just be something that's suggested.
I have just had WordFence flag this up as a a Backdoor
I never downloaded the Advanced Plugin as it called on its home page
Do you know why it would be installed in my WordPress site without my permission?
It came to light just after Godaddy updated my site to the latest version of WordPress.
Thanks In Advance for any feedback
How do I get rid of this?
I did not install it You cant see it in your Dashboard you only know it's there if you look at the top of the plugins and see it as a Drop In and I don't like things just dropping in to my site.
Do I need to ftp into my site and remove it that way.
Most Importantly Who Just Dropped It In?
Hi there, was this issue resolved? I have the same concerns. While deactivating a few plugins, this guy just drops in unexpectedly. Would love to know how to better secure my site.
Hi @folise and Everyone. This is actually a file that we put in our Managed WordPress accounts intentionally. It's used to facilitate some of the caching that we use for those accounts. If you look at the code for the file itself, it will also list some of our developers. The plugin doesn't get counted as an install (on the WordPress.org plugin page) is because it's installed into the /wp-content directory. You can see this in the installation instructions for the plugin. Sorry for any confusion.