Categories: SecurityWorkspace

Warning Over Fake WordPress ‘Patched’ Plugins

WordPress users have been warned about malicious plugins that claim to offer patches for legitimate add-ons, but actually give outside attackers access to sites based on the platform.

One such plugin, called SEOPressor, allowed the tool’s creator to make themselves admin for the affected site. That would let the attacker do whatever they wanted to the affected site.

Similar backdoor code was found in other add-ons, including Restrict Content Pro and Flat Skin Pack Extension, security firm Sucuri said in a blog post.

WordPress attacks

It later discovered many of the “patched” plugins were found on a site called wplist.org, where a user had uploaded the malicious files in summer 2013. In February and March 2014, similar files were added to the site and its sister website wplocker.com.

“Our conclusion is that this practice of posting plugins containing malicious code is typical for these sites. Moreover, when in their very own comments area people warn about malicious ‘extras’ they have found in the plugins, the admin readily replaces them with ‘retail’ versions,” Sucuri said.

It recommended site owners to avoid downloading any plugins from non-official channels.

“Think about what you install on your server. Any third-party software that you install can do pretty much anything with your site, and in some cases, with your server. Not all functions may be declared,” Sucuri added.

“Many themes and plugins consist of thousands of lines of code and it takes only one line to add a backdoor that can potentially devastate your site. So if you install a plugin or theme, you’d better trust its author and the site where you downloaded it from. On the road between the software developer and you, anyone could potentially make changes.”

Last year, Israeli firm Checkmarx warned of scores of flawed yet hugely popular WordPress add-ons, which could have been exploited by hackers to acquire control over a website.

What do you know about Internet security? Find out with our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Three UK Investigates After Outage Impacted Some 999 Calls

Thursday outage of Three UK network impacts thousands of people, with operator confirming some 999…

1 day ago

CMA Secures Google Commitment To Tackle Fake Reviews

British competition watchdog secures undertaking from Google to tackle fake reviews, as Amazon probe continues

1 day ago

Trump Signs AI ‘Free From Idealogical Bias’ Executive Order

After earlier revoking Biden's AI safety executive order, President Trump signs new executive order to…

1 day ago

OpenAI’s ‘Operator’ Agent Automates Online Tasks

OpenAI launches AI agent called 'Operator' to automatically fill out forms, make restaurant reservations, book…

2 days ago

Pakistan’s Parliament Passes Bill For Strict Control On Social Media

Bill passed to give Pakistani government sweeping controls on social media, but critics argue it…

2 days ago

Indian Tribunal Suspends Meta’s Data Sharing Ban

After Meta had warned that India's data sharing ban could collapse WhatsApp's business model, tribunal…

2 days ago