Many website are using backdoored WordPress Plugins

Do Son December 28, 2017 2 minutes read

According to foreign media reports on December 26, 14 WordPress malicious plugin discovered and deleted by the WordPress team in 2014 is still used by hundreds of websites. These malicious plug-ins may allow an attacker to execute code remotely resulting in the disclosure of website information. Currently, the WordPress team has provided the response.

The WordPress team disclosed in early 2014 that 14 WordPress plugins had malicious code that allowed an attacker to insert an SEO spam link on the hijacked website to get the site’s URL and other details by mail. It was not until the end of 2014 that the authorities removed these malicious plugins from the catalog.

WordPress malicious plug-in resurgence

The WordPress team recently discovered that the official plug-in directory was artificially altered, causing the old blocked plug-in pages to remain visible, and all plug-ins contained pages with malicious code. This shows that there are still hundreds of sites still using them after three years of official removal of malicious plug-ins.

In an effort to protect users from malicious plug-ins, some experts advised WordPress teams to remind site owners when removing malicious plug-ins from the official plug-in directory, but the idea was rejected by the WordPress team as “likely to expose the site to greater security risk” negative. The controversial point of the proposal is that it creates a moral and legal dilemma: removing a plug-in can protect your site from hackers, but it can also do damage to some of your site’s features.

Currently, to guard against some of the major security threats, WordPress developers will roll back to the last “clean” version of an infected plug-in and force it to be installed as a new update on all affected plug-ins Site. This will not only remove malicious code to maintain site security but also ensure that the site features are not affected.

Source: BleepingComputer