I reply to all queries on the forums and via email, once per day, Monday to Friday (not weekends).

If you are new here, please see some information on how to ask for support. Thank you!

Reply To: User created fictitious coins

dashed-slug.net Forums General discussion User created fictitious coins Reply To: User created fictitious coins


OK, now I understand your question.

It is not possible for users to add a transaction manually via the plugin. I am not aware of any security vulnerabilities in the plugin that would allow this. If you find any, please let me know.

WordPress is not very secure by default, because it’s a popular platform, and because of plugins of varying quality. You need to work hard to make it secure. Keep updates, only install a small set of reputable plugins, harden the security in other ways, etc.

If a hacker has managed to gain admin access, they can manipulate the database freely. This is why, as I have already mentioned, you must save the access logs immediately after the breach, before they are tampered with. A security analyst can check the logs (web logs and database logs) to see when someone might have inserted a row and from which IP.

As a precaution, because there is no such thing as a secure system, you must always keep a large percent of the user balances in cold storage. This way, in case of a breach, not all funds are stolen. Since even large exchanges with dedicated security teams get hacked routinely, you cannot expect your WordPress installation to be 100% secure. You must take additional precautions. I have added disclaimers about this in the plugin.

If the hacker was not very smart and did not use a relay, then you can use the time and IP you get from the logs to go to the police. I am not an expert in how this works, but this is the general idea.

Hope this helps. Best of luck.

with regards