Categories: SecurityWorkspace

Warning Over Fake WordPress ‘Patched’ Plugins

WordPress users have been warned about malicious plugins that claim to offer patches for legitimate add-ons, but actually give outside attackers access to sites based on the platform.

One such plugin, called SEOPressor, allowed the tool’s creator to make themselves admin for the affected site. That would let the attacker do whatever they wanted to the affected site.

Similar backdoor code was found in other add-ons, including Restrict Content Pro and Flat Skin Pack Extension, security firm Sucuri said in a blog post.

WordPress attacks

It later discovered many of the “patched” plugins were found on a site called wplist.org, where a user had uploaded the malicious files in summer 2013. In February and March 2014, similar files were added to the site and its sister website wplocker.com.

“Our conclusion is that this practice of posting plugins containing malicious code is typical for these sites. Moreover, when in their very own comments area people warn about malicious ‘extras’ they have found in the plugins, the admin readily replaces them with ‘retail’ versions,” Sucuri said.

It recommended site owners to avoid downloading any plugins from non-official channels.

“Think about what you install on your server. Any third-party software that you install can do pretty much anything with your site, and in some cases, with your server. Not all functions may be declared,” Sucuri added.

“Many themes and plugins consist of thousands of lines of code and it takes only one line to add a backdoor that can potentially devastate your site. So if you install a plugin or theme, you’d better trust its author and the site where you downloaded it from. On the road between the software developer and you, anyone could potentially make changes.”

Last year, Israeli firm Checkmarx warned of scores of flawed yet hugely popular WordPress add-ons, which could have been exploited by hackers to acquire control over a website.

What do you know about Internet security? Find out with our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

13 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

16 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

17 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

18 hours ago