Is That WordPress Plugin Update Really MALWARE Instead? How to check.Nov 14
Today is wondrous Sunday! The day I was supposed to (get this, I hope you're sitting down) "rest" (OMG!) and "take a break" (Jeepers, say it ain't so!).
And I was, honestly and truly.
I really was!
Until I read this chilling post, and realized – I simply *have* to alert my readers.
Anywhos, there I was, blissfully consuming my 34th cup of coffee, wrapped up in my nice fluffy blue 21 year old house coat (funny how you just cannot get rid of down-home comforts, eh?) and simply enjoying my 4am.
I'll bet you're familiar with my state of being, right?
After all, imagine that you had just awakened, your family was still happily asleep so you could (sit down again, another impossible scenario is steamrolling to you this instant) get some work done, and you fire up your feedreader.
Figuring that you'd start checking out what your peers were writing, you calmly scroll through your entries and then you read…..THIS.
…I thought BlogPress SEO was bad, turns out, it's worse. It's malware. I had already discovered that it sent the admin email to the plugin's author, but today, mtekk uncovered that it was adding an option to log in, solely with that email address. Yes that's bad. I checked out the plugin code again, and noticed something that could solve all this….MORE….
Now, I don't know about you, but put the words:
- admin email
- wordpress plugin
all together, and you've concocted a sure-fire recipe for me to leap up in a state of extreme agitation (without spilling a drop of coffee, mind you, I'm not that hopeless) and shriek to the monitor:
"Jeepers self, shall I covertly panic now or in 2 seconds?"
Luckily sanity did prevail (raising a passel of kids and mooses and Twitter Budgies does that for me) and I continued reading.
Here's what happened.
1.) A WordPress plugin was created on a site that promised:
We have developed a superb wordpress plugin which can actually get 100's of backlinks like crazy, all on autopilot. As soon as you install the plugin, the plugin will find all relevant blogs in the network which are similar to your niche. So if you write about dogs then the plugin will find all blogs which talk about dogs. Once the plugin find the relevant blogs, it will mutually exchange links between the blogs. So if you have 300 posts in your blog then it will find 300 similar posts in the network, and in turn mutually links with those posts. So you will get around 300 backlinks right away. The more you write the more backlinks will be found by the plugin for your posts. This is a ongoing process and I can assure you that you will see gradual increase in traffic over time. ….MORE…..
2.) The download was from the original site, NOT the WordPress plugin repository.
In other words, that made sure no security checks were possible.
Can you say," Danger Will Robinson?"
3.) The BlogPress SEO plugin was written to steal your admin login info AND make it possible to login to your WordPress blog without a password.
To quote Yoast :
Update: It get's worse. As pointed out by this post, BlogPress SEO is pure malware, as it contains a function that allows someone who knows your admin email address (you know, the one they just sent to themselves when you installed the plugin) to log in without a password… That's purely criminal.
So I'll bet you're wondering just what mistake the plugin author made?
You'll love this:
4.) The BlogPress SEO WordPress plugin author wrote to BOTH Yoast AND mtekkmonkey and asked for a review.
Wow wow wow wow.
But here's a quick fix Yoast inflicted on that malware BlogPress WordPress Plugin!
This is sheer brilliance.
…With permission, he made a blank plugin by the same name over at the WordPress Repository that simply had a higher version number.
With the help of Andrew Nacin, I registered blogpressseo as a plugin on WordPress.org, created an empty plugin file with the same name and a higher version number, added a readme.txt with an upgrade notice, and uploaded it to WordPress.org….
I had already installed the plugin on my blog (well, an empty version of it, just the headers), so I could test it, and low and behold, it worked…
It's a primitive form of a kill switch (which I wish WordPress had, but it's better than nothing). The funny thing is: we'll now also be able to see how many people are running this plugin and how many of them upgrade. So far, 26 people have been saved!…MORE….
Wasn't that smart of him?
Which brings me now to:
What *you*, gentle reader, need to do *now*
If you've installed the Blogpress SEO plugin, *uninstall* it now.
Change your admin password.
And tell all of your network about this problem (feel free to point them to this site if needed).
When finding a nifty-neato WordPress plugin, you need to search for it FIRST on Google like so:
- (plugin name) malware (ie "blogpress seo" malware)
- (plugin name) spyware (ie "blogpress seo" spyware)
- (plugin name) help (ie "blogpress seo" help)
to see if anyone has experienced any problems already.
An educated blogger is always the best kind of blogger!
And one last thing:
Ideally, always and only download WordPress plugins from the official WordPress Plugin Repository.
While it's still no absolute guarantee of safety, it's as near as that as you can get.
Want more information? Check out:
- BlogPress SEO plugin isn’t just bad, it’s malware
- BlogPress SEO is Malware
- BlogPress SEO Plugin: Spam!
- BlogPress SEO Plugin: Spam, Spam, Spam!
- Don’t use BlogPress SEO. Ever.
- Malware Warning > BlogPress SEO Plugin
- WARNING: Don’t USE BlogPress SEO Plugin On WordPress, It’s A Scam and Trojan
Hope you found this article useful! It sure caught my attention, indeed.