Conetix has seen increased activity and sites exploited with the PublishPress Capabilities plugin (capability-manager-enhanced for the free version and capabilities-pro for the paid version). To ensure your website is safe, you must be running version 2.3.1 or higher.

Wordfence has written about this recently, as it’s part of a massive attack worldwide against all WordPress sites. As with all WordPress plugins, themes and core we recommend ensuring you have a regimented backup system as well as updates applied at least weekly to mitigate security issues.

If your website has been exploited, here’s the steps you’ll need to take.


  1. Where possible, restore your website and database to a date prior to the attack from backup and immediately patch.
  2. If backups aren’t available, you’ll need to update the plugin and check the following:
    1. Additional WordPress users with Administrator access
    2. Check permissions for new users for your site. In most instances, these users should be Subscriber only and unless you have an eCommerce or membership website user registration should be disabled:
      publishpress capabilities wordpress plugin exploit
  3. Install a security plugin such as Wordfence and run a full scan. It’s likely that you’ll find infected files which Wordfence may or may not be able to cleanup.

We also have further guidance available in our Compromised WordPress Cleanup article.

Conetix also offers this as a cleanup service at no additional cost when upgrading to a Managed WordPress plan.

Was this article helpful?

Related Articles