
Fake Plugin Alert! Hacker Hides Malicious Code In Fake WordPress Security Plugin

Moeez — September 29, 2017

In a recent report, Sucuri identified a fake security plugin named X-WP-SPAM-SHIELD-PRO. The fake plugin contains a hidden backdoor that was put there by the plugin's developer.

Judging by the name of the fake plugin, the cybercriminal wanted to take advantage of the popularity of a well-regarded WordPress anti-spam plugin, WP-SpamShield Anti-Spam.

The fake plugin contains hidden PHP code that creates a backdoor through which the developer can enter your website. The backdoor allows the developer to alter content, create an admin account and add images to the victim’s website.

The developer of this plugin is also able to install a zip file on the website, unzip it and run its files there.

The following fake plugin files contained malicious code:

  • Class-social-facebook.php
  • Class-term-metabox-formatter.php
  • Class-admin-user-profile.php
  • Plugin-header.php
  • wp-spam-shield-pro.php
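
The names above can be turned into a quick filesystem check. The following Python script is an added example, not code from Sucuri's report or from this article's author; it assumes the fake plugin's folder under wp-content/plugins carries the plugin's name, and the sample folder layout it builds is constructed for the demo.

```python
import os
import tempfile

# Names from the article, lower-cased: on-disk capitalisation may differ.
# Assumption: the plugin's folder under wp-content/plugins carries its name.
FAKE_PLUGIN_DIR = "x-wp-spam-shield-pro"
FLAGGED_FILES = {
    "class-social-facebook.php",
    "class-term-metabox-formatter.php",
    "class-admin-user-profile.php",
    "plugin-header.php",
    "wp-spam-shield-pro.php",
}

def scan_plugins(plugins_root):
    """Map each suspicious plugin folder to its name match and flagged files."""
    findings = {}
    for entry in sorted(os.listdir(plugins_root)):
        plugin_path = os.path.join(plugins_root, entry)
        if not os.path.isdir(plugin_path):
            continue
        hits = sorted(
            os.path.relpath(os.path.join(dirpath, name), plugin_path)
            for dirpath, _dirs, files in os.walk(plugin_path)
            for name in files if name.lower() in FLAGGED_FILES
        )
        name_match = entry.lower() == FAKE_PLUGIN_DIR
        # A filename hit alone is a lead for manual review, not proof.
        if name_match or hits:
            findings[entry] = {"name_match": name_match, "files": hits}
    return findings

def build_sample_tree(root):
    """Create a constructed plugins folder (placeholder files) for the demo."""
    layout = {
        "X-WP-SPAM-SHIELD-PRO": ["wp-spam-shield-pro.php", "inc/Plugin-header.php"],
        "clean-plugin": ["clean-plugin.php"],
        "gallery-tool": ["lib/class-admin-user-profile.php"],
    }
    for plugin, files in layout.items():
        for rel in files:
            path = os.path.join(root, plugin, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("<?php // constructed placeholder\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        print(scan_plugins(root))
```

To check a real site, pass the path of its wp-content/plugins directory to `scan_plugins`. A folder flagged only for a matching file name in an otherwise known plugin needs manual review before any conclusion is drawn.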

It would be wrong not to point out that users who downloaded the plugin should have taken more care. According to Sucuri, the plugin had not even been uploaded to the official WordPress repository. Users obtained the plugin from other sources that were obviously not reliable.

In such cases, it is also our responsibility to ensure that whatever we install on our website is downloaded from a reliable source. If it’s a free plugin, there is no better place than the official WordPress repository.

Since there are so many instances of security breaches and fake plugins, WordPress users are strongly advised to install plugins only from the official repository.


      Moeez is ‘The’ blogger in charge of WPblog. He loves to interact and learn about WordPress with people in the WordPress community. Outside his work life, Moeez spends time hanging out with his friends, playing Xbox and watching football on the weekends. You can get in touch with him at moeez[at]wpblog.com.
