Scam of the Week: New Malware Coded In Fake WordPress Plugin


As one of the most widely used website-management platforms, WordPress has millions of users who rely on its ecosystem of plugins, widgets and themes to customize everything from personal blogs to business sites. For years, WordPress users have freely downloaded whatever plugins they needed to build out parts of their sites. This year, however, research has shown that the wide variety of available plugins is not always trustworthy.

More specifically, at the end of March, SiteLock, a popular security research company, discovered a fake plugin now known as WP-Base-SEO. The plugin mimics the more commonly downloaded WordPress SEO Tool, but functions as a form of malware.

When the plugin is activated, it installs code containing two PHP eval calls, which gives the criminals open access to the user’s WordPress site. That code lives in two files, wp-sep.php and wp-seo-main.php. The latter uses WordPress’s standard hook mechanism to attach the PHP eval request to the site’s theme header, creating a backdoor. According to the SiteLock report, some versions of the plugin register an additional hook that fires the request every time the theme is loaded in a browser. In effect, the attacker controls every aspect of the website.
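As an added example (not code from SiteLock’s report or from the plugin itself): a small Python scanner that walks a plugin directory and flags PHP files that pair eval() with decoded or request-supplied data, and records any WordPress add_action hook registrations in the same file, which is the combination the report describes. The plugin tree and the two sample files it builds are constructed here for the demonstration, and the eval argument in the sample is a non-functional placeholder.

```python
import os
import re
import tempfile

# Heuristics matching the report: eval() on decoded or request data, plus a WordPress hook registration.
EVAL_RE = re.compile(r"\beval\s*\(", re.IGNORECASE)
OBFUSCATION_RE = re.compile(
    r"base64_decode|gzinflate|gzuncompress|str_rot13|\$_(?:GET|POST|REQUEST|COOKIE)",
    re.IGNORECASE,
)
HOOK_RE = re.compile(r"add_action\s*\(\s*['\"](\w+)['\"]")

def scan_file(path):
    """Return a finding dict for one PHP file, or None if nothing suspicious was seen."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        src = fh.read()
    if not EVAL_RE.search(src):
        return None
    finding = {
        "file": path,
        "obfuscated_or_request_input": bool(OBFUSCATION_RE.search(src)),
        "hooks": HOOK_RE.findall(src),  # e.g. ['wp_head'] when wired into the theme header
    }
    # Only eval() fed with decoded/request data, or eval() living beside a hook registration, is flagged.
    if finding["obfuscated_or_request_input"] or finding["hooks"]:
        return finding
    return None

def scan_plugins(plugins_dir):
    """Walk a wp-content/plugins-style tree and return findings sorted by path."""
    findings = []
    for root, _dirs, files in os.walk(plugins_dir):
        for name in files:
            if name.endswith(".php"):
                result = scan_file(os.path.join(root, name))
                if result:
                    findings.append(result)
    return sorted(findings, key=lambda f: f["file"])

def demo():
    """Constructed plugin tree: one benign SEO plugin and one mimicking the reported pattern."""
    base = tempfile.mkdtemp()
    os.makedirs(os.path.join(base, "good-seo"))
    os.makedirs(os.path.join(base, "wp-base-seo"))
    with open(os.path.join(base, "good-seo", "good-seo.php"), "w") as fh:
        fh.write("<?php add_action('wp_head', 'good_seo_meta'); function good_seo_meta() { echo '<meta>'; }")
    with open(os.path.join(base, "wp-base-seo", "wp-seo-main.php"), "w") as fh:
        # Constructed, non-functional stand-in: eval of decoded data hooked into the theme header.
        fh.write("<?php add_action('wp_head', 'wpbs_init'); function wpbs_init() { eval(base64_decode('PLACEHOLDER')); }")
    return [os.path.relpath(f["file"], base).replace(os.sep, "/") for f in scan_plugins(base)]
```

Legitimate plugins that decode data or use eval() will also be flagged, so treat hits as files to review rather than as verdicts.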

To keep your site free of this kind of malware, delete any suspicious plugins. Further steps to secure a WordPress site include updating the WordPress core, themes and plugins to their latest versions and running a malware scan. To stick to reputable plugins, administrators should install them only through the WordPress dashboard or from the plugin directory on WordPress.org.
