In the past month December 2017, WordPress has closed three plugins and banned their Authors permanently from WordPress.org directory because of they contained content-injection backdoors. In this post, I will explain about the WordPress Three Plugins Backdoored to Attack WordPress sites by content-injection backdoors.
Each of plugins is purchased from the previous developer and then they injection backdoors to get the access to their site data. Below is the list of those WordPress plugins:
1) Plugin Name: Duplicate Page and Post
Active Installs: 50,000+
Current Owner: pluginsforwp (joined WordPress.org July 10, 2017)
Sold Date: August 2017
Removed from WordPress.org date: December 14, 2017
Active Installs: 9,000+
Current Owner: gearpressstudio (joined WordPress.org March 17, 2017)
Sold Date: April 2017
Removed from WordPress.org date: December 19, 2017
3) WP No External Links
Active Installs: 30,000+
Current Owner: steamerdevelopment (joined WordPress.org June 29, 2017)
Sold Date: July 12, 2017
Removed from WordPress.org date: December 22, 2017
If you are still using any of above plugins on your website, then I recommend you to remove them immediately. After that scan your site with Antivirus.
I hope you found this tutorial helpful! Please do like & share this tutorial with your friends and don’t forget to subscribe this blog to get all future updates directly in your email box.
Prem Tiwari is the founder of FreeWebMentor.com and also a professional developer who has vast experience in PHP and open source technologies. Apart from this, he is a blogger by hobby and also he has been a regular speaker of WordPress sessions in various IT Companies. View all posts by Prem Tiwari