[wp-hackers] Hookd? Sketchy Plugin Include

MarciaK marcia at stepping-in-style.com
Tue Jan 3 22:11:03 UTC 2012

Otto <otto <at> ottodestruct.com> writes:

> On Tue, Sep 13, 2011 at 8:18 PM, Jackson Whelan <jw <at> jacksonwhelan.com> 
> > First thing I did was email plugins <at> wordpress.org. Apologies if 
discussing here is out of order.
> Yes, sometimes it takes us longer than a couple hours. :)
> And it's not "out of order", it's just unnecessary. Like security
> problems, we prefer to handle them with the plugin author privately
> first, because in many cases the plugin author was unaware of the
> problem and will act quickly to remedy the issue. No need to publicly
> give somebody a black eye unless they really deserve it.
> > Found another using the same hookd class and emailed plugins <at> 
> Cool deal, thanks!
> -Otto

I'm glad he did post it - I've seen a lot of adds, deletes, changes, file 
permission changes in a directory called wp-content/cache/hookd/ many followed 
by my domain name, but not all of them.  

I'm not a programmer, so I've been trying to figure out what is going on, and 
if I should be concerned, and what steps if any I should be taking. My 
WordPress and all my plugins are current. I have a hit counter "WordPress Hit 
Counter" v2.6 on my site.

I haven't noticed any malicious activity on the customer facing part of my 

Any advice on what I should be doing?


More information about the wp-hackers mailing list