Categories: SecurityWorkspace

Warning Over Fake WordPress ‘Patched’ Plugins

WordPress users have been warned about malicious plugins that claim to offer patches for legitimate add-ons, but actually give outside attackers access to sites based on the platform.

One such plugin, called SEOPressor, allowed the tool’s creator to make themselves admin for the affected site. That would let the attacker do whatever they wanted to the affected site.

Similar backdoor code was found in other add-ons, including Restrict Content Pro and Flat Skin Pack Extension, security firm Sucuri said in a blog post.

WordPress attacks

It later discovered many of the “patched” plugins were found on a site called wplist.org, where a user had uploaded the malicious files in summer 2013. In February and March 2014, similar files were added to the site and its sister website wplocker.com.

“Our conclusion is that this practice of posting plugins containing malicious code is typical for these sites. Moreover, when in their very own comments area people warn about malicious ‘extras’ they have found in the plugins, the admin readily replaces them with ‘retail’ versions,” Sucuri said.

It recommended site owners to avoid downloading any plugins from non-official channels.

“Think about what you install on your server. Any third-party software that you install can do pretty much anything with your site, and in some cases, with your server. Not all functions may be declared,” Sucuri added.

“Many themes and plugins consist of thousands of lines of code and it takes only one line to add a backdoor that can potentially devastate your site. So if you install a plugin or theme, you’d better trust its author and the site where you downloaded it from. On the road between the software developer and you, anyone could potentially make changes.”

Last year, Israeli firm Checkmarx warned of scores of flawed yet hugely popular WordPress add-ons, which could have been exploited by hackers to acquire control over a website.

What do you know about Internet security? Find out with our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago