Categories: SecurityWorkspace

Warning Over Fake WordPress ‘Patched’ Plugins

WordPress users have been warned about malicious plugins that claim to offer patches for legitimate add-ons, but actually give outside attackers access to sites based on the platform.

One such plugin, called SEOPressor, allowed the tool’s creator to make themselves admin for the affected site. That would let the attacker do whatever they wanted to the affected site.

Similar backdoor code was found in other add-ons, including Restrict Content Pro and Flat Skin Pack Extension, security firm Sucuri said in a blog post.

WordPress attacks

It later discovered many of the “patched” plugins were found on a site called wplist.org, where a user had uploaded the malicious files in summer 2013. In February and March 2014, similar files were added to the site and its sister website wplocker.com.

“Our conclusion is that this practice of posting plugins containing malicious code is typical for these sites. Moreover, when in their very own comments area people warn about malicious ‘extras’ they have found in the plugins, the admin readily replaces them with ‘retail’ versions,” Sucuri said.

It recommended site owners to avoid downloading any plugins from non-official channels.

“Think about what you install on your server. Any third-party software that you install can do pretty much anything with your site, and in some cases, with your server. Not all functions may be declared,” Sucuri added.

“Many themes and plugins consist of thousands of lines of code and it takes only one line to add a backdoor that can potentially devastate your site. So if you install a plugin or theme, you’d better trust its author and the site where you downloaded it from. On the road between the software developer and you, anyone could potentially make changes.”

Last year, Israeli firm Checkmarx warned of scores of flawed yet hugely popular WordPress add-ons, which could have been exploited by hackers to acquire control over a website.

What do you know about Internet security? Find out with our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Apple Sales Rise 6 Percent After Early iPhone 16 Demand

Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…

19 hours ago

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

20 hours ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

21 hours ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago