
Fake plugin infects 4,000 WordPress sites.


WordPress, which has always been a target for hackers, has now seen around 4,000 sites attacked with malware that masquerades as a legitimate search engine optimization plugin to attract web users. The plugin's intent is to hide in plain sight by appearing to be a legitimate SEO plugin while it creates a backdoor to the targeted WordPress account.

“They have stolen the code from an existing SEO plugin and tweaked it to appear as legitimate. That way, should a WordPress site owner poke around and look for suspicious activity, they might easily overlook it as a legitimate SEO plugin,” said Weston Henry, lead security analyst at SiteLock, the security firm that found the bogus plugin. The fake WP-Base-SEO plugin is a forgery of the original WordPress SEO Tools plugin.

SiteLock added that the attackers are most likely looking for outdated WordPress plugins, particularly RevSlider. RevSlider is a popular WordPress plugin that has been associated with a number of high-profile compromises over the years. Once installed, the fake WP-Base-SEO plugin starts working: it scans WordPress sites for the outdated plugins and themes the attackers are looking for.

On closer examination, researchers found that a large number of the WordPress sites had an out-of-date version of RevSlider installed and that the plugin was located in /wp-content/plugins/wp-base-seo/wp-seo-main.php. It took the form of a base64-encoded PHP eval request, so that every time the WordPress theme is loaded in a browser, the request is initialized and the fake plugin starts working.

This plugin is considered more dangerous because it not only compromises WordPress sites but has also managed to run under the radar of malware scanners. SiteLock stresses the critical need for web application security, including a malware scanner that identifies vulnerabilities and removes them automatically. It also urges site administrators to maintain an inventory of the plugins in use.
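A small version of the plugin inventory and file check recommended above, as an added example (it is not SiteLock's scanner and not code from the original article). It lists every plugin directory, flags the path reported in the article, and flags PHP files that pass base64-decoded data to eval; the function names and the sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Path reported in the article, relative to the WordPress root.
KNOWN_BAD = "wp-content/plugins/wp-base-seo/wp-seo-main.php"
# eval() wrapped around base64_decode(), tolerating whitespace and the @ operator.
EVAL_B64 = re.compile(rb"eval\s*\(\s*@?\s*base64_decode\s*\(", re.IGNORECASE)
PLUGIN_NAME = re.compile(rb"^[ \t/*#@]*Plugin Name:[ \t]*(.+?)[ \t]*$", re.MULTILINE)


def scan_plugins(wp_root):
    """Return (inventory, findings) for all PHP files under wp-content/plugins."""
    root = Path(wp_root)
    inventory, findings = {}, []
    for php in sorted((root / "wp-content" / "plugins").rglob("*.php")):
        rel = php.relative_to(root).as_posix()
        data = php.read_bytes()
        slug = rel.split("/")[2]  # directory (or single file) under plugins/
        header = PLUGIN_NAME.search(data[:8192])  # header sits at the top of the file
        if header:
            inventory[slug] = header.group(1).decode("utf-8", "replace")
        else:
            inventory.setdefault(slug, "(no plugin header found)")
        if rel == KNOWN_BAD:
            findings.append((rel, "path reported for fake WP-Base-SEO plugin"))
        if EVAL_B64.search(data):
            findings.append((rel, "eval of base64-decoded data"))
    return inventory, findings


def build_sample_tree(tmp):
    """Constructed sample: one clean plugin and one shaped like the article's fake."""
    plugins = Path(tmp) / "wp-content" / "plugins"
    for name in ("contact-form", "wp-base-seo"):
        (plugins / name).mkdir(parents=True)
    (plugins / "contact-form" / "contact-form.php").write_text(
        "<?php\n/*\nPlugin Name: Contact Form\n*/\necho 'ok';\n")
    # Harmless constructed payload: the base64 string decodes to "echo 1;".
    (plugins / "wp-base-seo" / "wp-seo-main.php").write_text(
        "<?php\n/*\nPlugin Name: Constructed SEO Plugin\n*/\n"
        "@eval ( base64_decode('ZWNobyAxOw==') );\n")
    return tmp


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        inv, hits = scan_plugins(build_sample_tree(tmp))
    print(inv, *hits, sep="\n")
```

Comparing the inventory against the list of plugins the administrator actually installed surfaces a lookalike even when its header copies a real plugin's name. The pattern only catches the plain eval-of-base64 form, so a clean result here does not clear a site.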


Frequently asked questions ( 5 )

Q

What is the use of WordPress?

A

WordPress is, by far, the most popular open source Content Management System (CMS).

Q

Where are the installed plugins located in WordPress?

A

On WordPress, the plugin was located in /wp-content/plugins/wp-base-seo/wp-seo-main.php.

Q

What are the features of WordPress?

A

The features of WordPress are:
Social Sharing Features. ...
Multiple Page Styles. ...
Auto Upgrade and Support. ...
Plenty of Widgets. ...
Theme Customization. ...
SEO.

Q

What attack was actually made on WordPress?

A

WordPress, which has always been a target for hackers, has now seen around 4,000 sites attacked with malware that masquerades as a legitimate search engine optimization plugin to attract web users.

Q

What did SiteLock add about the attacks on WordPress?

A

SiteLock added that the attackers are most likely looking for outdated WordPress plugins, particularly RevSlider. RevSlider is a popular WordPress plugin that has been associated with a number of high-profile compromises over the years. Once installed, the fake WP-Base-SEO plugin starts working: it scans WordPress sites for the outdated plugins and themes the attackers are looking for.

© 2025 LinuxHelp.com All rights reserved. Linux™ is the registered trademark of Linus Torvalds. This site is not affiliated with linus torvalds in any way.