WordPress Three Plugins Backdoored to Attack

In the past month December 2017, WordPress has closed three plugins and banned their Authors permanently from WordPress.org directory because of they contained content-injection backdoors. In this post, I will explain about the WordPress Three Plugins Backdoored to Attack WordPress sites by content-injection backdoors.

WordPress Three Plugins Backdoored to Attack

Each of plugins is purchased from the previous developer and then they injection backdoors to get the access to their site data. Below is the list of those WordPress plugins:

1) Plugin Name: Duplicate Page and Post

URL: https://wordpress.org/plugins/duplicate-page-and-post/
Active Installs: 50,000+
Current Owner: pluginsforwp (joined WordPress.org July 10, 2017)
Sold Date: August 2017
Removed from WordPress.org date: December 14, 2017

2) No Follow All External Links

URL: https://wordpress.org/plugins/nofollow-all-external-links/
Active Installs: 9,000+
Current Owner: gearpressstudio (joined WordPress.org March 17, 2017)
Sold Date: April 2017
Removed from WordPress.org date: December 19, 2017

3) WP No External Links

URL: https://wordpress.org/plugins/wp-noexternallinks/
Active Installs: 30,000+
Current Owner: steamerdevelopment (joined WordPress.org June 29, 2017)
Sold Date: July 12, 2017
Removed from WordPress.org date: December 22, 2017

Conclusion

If you are still using any of above plugins on your website, then I recommend you to remove them immediately. After that scan your site with Antivirus.

I hope you found this tutorial helpful! Please do like & share this tutorial with your friends and don’t forget to subscribe this blog to get all future updates directly in your email box.

If you like FreeWebMentor and you would like to contribute, you can write an article and mail your article to [email protected] Your article will appear on the FreeWebMentor main page and help other developers.

Recommended Posts:

• How to create Administrator account using WordPress backdoor
• How to create a backdoor script in WordPress

Prem Tiwari

An engineer by profession and a passionate blogger by heart. Founder of FreeWebMentor.com (A Programming blog for beginners), Tech Speaker at various forums. A part from this he is an open source enthusiast, WordPress Lover, Blogger, SEO, and Growth Strategic.

Article Tags: wordpress security, wordpress security flaws, wordpress security issue, wordpress security problems, wordpress tutorial for beginners, wordpress tutorials, wordpress tutorials for beginners