
200K Websites Infected By WordPress Plugin, Custom WordPress Websites More Secure

Sure, a WordPress website is easy to launch. However, hiring a professional web developer to produce a custom WordPress website will ensure greater security from malware and hackers. Although WordPress has robust security that is continually improved by the open source community, over 200,000 WordPress websites were recently infected through a plugin. Many DIY site owners were hurt because they did not keep to trusted plugins the way professionals do.

200,000+ WordPress Websites Infected

The malicious plugin allowed spam to be uploaded to an estimated 200,000 websites. While most content management systems (CMSs) allow third-party plugins, you need to be aware of the reputation and quality of the plugin developer.

For instance, a WordPress plugin was recently found to be installing backdoors across thousands of websites, which allowed spam to be uploaded onto those sites. The IT security company Wordfence found that a plugin called Display Widgets, a truly harmless-sounding name, carried the malicious code, and said website owners should remove it immediately. According to Wordfence, the author has released at least three versions of the plugin with the malicious code, giving that author the ability to publish content on infected websites. The plugin was downloaded to at least 200,000 websites, according to the WordPress repository.

According to Mark Maunder, CEO of Wordfence, “The authors of this plugin have been using the backdoor to publish spam content to sites running their plugin. During the past three months, the plugin has been removed and readmitted to the WordPress.org plugin repository a total of four times.”

It’s a worthwhile reminder that you need to be meticulous about installing third-party CMS plugins and to stay alert to any unusual activity on your site.

Exposing the Compromised WordPress Plugin

The plugin was originally developed as open source by its original author, who sold it to others in June. The new owner immediately released an updated version, 2.6.0. Wordfence received notification from a UK-based search engine optimization consultant that the widget was installing additional code and downloading data from his server.

Only two days after its release, Wordfence removed Display Widgets, but within one week, the new owner released version 2.6.1. This version contained a file called geolocation.php, which no one suspected of containing malicious code. The code gave the plugin author the capability to post new content, at a specific URL, to any site running the plugin.

In addition, the new malicious code prevented a logged-in user from seeing the content. On July 1, Wordfence once again pulled Display Widgets from the WordPress repository, and version 2.6.2 followed on July 6.

Finally, in late July, a user opened a Trac ticket reporting that Display Widgets was injecting spammy content onto his website. He attached a link to Google results that tracked the code to the geolocation.php file. In September, version 2.6.3 was released with the same malicious code.

“The authors of the plugin are actively maintaining their malicious code, switching between sources for spam and working to obfuscate (hide) the domain they are fetching spam from,” said Maunder.

Finally, the plugin was permanently removed from the repository on September 8. Maunder continued to investigate and discovered the new buyer was called WP Devs, which purchases old or abandoned plugins. Furthermore, he discovered the company appears to be a single person in the US, with perhaps one other in Eastern Europe.
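
To check a site for the plugin described above, the following added example (not code from Wordfence or from the plugin) scans a wp-content/plugins directory for any copy whose header names Display Widgets, and reports its version and whether a geolocation.php file is present. The sample directory tree, folder names and file contents are constructed for the demonstration; the header parsing follows the standard WordPress "Plugin Name:" and "Version:" header fields.

```python
import re
import tempfile
from pathlib import Path

# Versions the article names as released by the new owner.
FLAGGED_VERSIONS = {"2.6.0", "2.6.1", "2.6.2", "2.6.3"}
SUSPECT_FILE = "geolocation.php"  # file the article says version 2.6.1 contained
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):\s*(.+?)\s*$", re.M | re.I)

def read_header(php_file):
    """Parse WordPress plugin header fields from the first 8 KB of a file."""
    text = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    return {key.lower(): value for key, value in HEADER_RE.findall(text)}

def scan_plugins(plugins_dir):
    """Return one finding per installed copy of Display Widgets."""
    findings = []
    for plugin in sorted(p for p in Path(plugins_dir).iterdir() if p.is_dir()):
        for php in sorted(plugin.glob("*.php")):
            header = read_header(php)
            # Match on the header name, so a renamed folder is still found.
            if header.get("plugin name", "").lower() != "display widgets":
                continue
            version = header.get("version", "unknown")
            findings.append({
                "path": str(plugin),
                "version": version,
                "flagged_version": version in FLAGGED_VERSIONS,
                "has_geolocation_php": any(plugin.rglob(SUSPECT_FILE)),
            })
    return findings

def build_sample(root):
    """Constructed sample tree: one flagged copy and one unrelated plugin."""
    bad = Path(root, "display-widgets")
    bad.mkdir()
    (bad / "display-widgets.php").write_text(
        "<?php\n/*\nPlugin Name: Display Widgets\nVersion: 2.6.1\n*/\n")
    (bad / "geolocation.php").write_text("<?php // constructed placeholder\n")
    ok = Path(root, "hello-sample")
    ok.mkdir()
    (ok / "hello.php").write_text(
        "<?php\n/*\n * Plugin Name: Hello Sample\n * Version: 1.0\n */\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding in scan_plugins(tmp):
            print(finding)
```

On a real server, call scan_plugins() with the path to the site's wp-content/plugins directory; any finding means the plugin should be removed, as the article advises.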

Hire a Professional WordPress Developer

This is a classic tale. Unless you are an expert in WordPress like NOYO Web Development, you might still have the malicious code messing with your website. If you are a business, this could significantly disrupt your revenue. Contact NOYO Web Development today to discuss how our services can improve your online security.
