In the past month December 2017, WordPress has closed three plugins and banned their Authors permanently from WordPress.org directory because of they contained content-injection backdoors. In this post, I will explain about the WordPress Three Plugins Backdoored to Attack WordPress sites by content-injection backdoors.
Each of plugins is purchased from the previous developer and then they injection backdoors to get the access to their site data. Below is the list of those WordPress plugins:
1) Plugin Name: Duplicate Page and Post
URL: https://wordpress.org/plugins/duplicate-page-and-post/
Active Installs: 50,000+
Current Owner: pluginsforwp (joined WordPress.org July 10, 2017)
Sold Date: August 2017
Removed from WordPress.org date: December 14, 2017
2) No Follow All External Links
URL: https://wordpress.org/plugins/nofollow-all-external-links/
Active Installs: 9,000+
Current Owner: gearpressstudio (joined WordPress.org March 17, 2017)
Sold Date: April 2017
Removed from WordPress.org date: December 19, 2017
3) WP No External Links
URL: https://wordpress.org/plugins/wp-noexternallinks/
Active Installs: 30,000+
Current Owner: steamerdevelopment (joined WordPress.org June 29, 2017)
Sold Date: July 12, 2017
Removed from WordPress.org date: December 22, 2017
If you are still using any of above plugins on your website, then I recommend you to remove them immediately. After that scan your site with Antivirus.
I hope you found this tutorial helpful! Please do like & share this tutorial with your friends and don’t forget to subscribe this blog to get all future updates directly in your email box.
If you like FreeWebMentor and you would like to contribute, you can write an article and mail your article to [email protected] Your article will appear on the FreeWebMentor main page and help other developers.
Article Tags: wordpress security, wordpress security flaws, wordpress security issue, wordpress security problems, wordpress tutorial for beginners, wordpress tutorials, wordpress tutorials for beginners
