So I just got this message from WP Engine’s Support Team. For those that are unaware, they monitor security and performance, etc.
Hello from the WP Engine Support team!
I’m reaching out concerning your install [name], which has been detected as sending out a large amount of emails through our default email services.
It appears there is what looks to be a recent, unreported exploit with the geodirectory plugin causing this, as it even occurs with the latest version, 1.6.24.
We would recommend you disable this plugin for now and reach out to the plugin developer on this.
It looks like it’s the “Your friend thought you might be interested in…” emails if that helps. I can provide more details through private messages if you prefer.
This plugin populates one of the most popular pages on my site. I really don’t want to disable this plugin because my client will be super angry.
Any help or guidance can be greatly appreciated.