A new fake SEO WordPress plug-in is making the rounds, compromising the security of WordPress installations. If you are running a WordPress-based eCommerce store, this can be devastating.
It was first reported by website security agency SiteLock. The name of the dangerous fake SEO plug-in is WP-Base-SEO.
It is a forgery of a popular SEO plug-in for WordPress called WordPress SEO Tools.
According to SiteLock, the plug-in appears completely legit. It even comes with full documentation and references back to the WordPress plug-in database.
In fact, the plug-in creates a dangerous backdoor which allows hackers to take over your site for malicious purposes.
“Some versions include an extra hook that runs after each page load. This means that anytime the theme is loaded in a browser, the request is initialized,” SiteLock notes in the report.
The folks at SiteLock found this malware on many sites. However, searching the Internet for the name of the plug-in turned up no previous mention.
We urge you to check the plug-ins installed in WordPress for anything suspicious. This check must include your “/wp-content/plugins” directory as well.
And you may also want to run a malware scan on your site using a reputable malware scanning tool or service.
There are some very good malware protection plug-ins in the WordPress Plug-In directory. We suggest you look at the ones with over 100,000 installs.
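One way to script the “/wp-content/plugins” check described above. This is an added example, not code from SiteLock or from the plug-in. It assumes the fake plug-in can be recognised by a folder name or “Plugin Name” header that normalises to wp-base-seo, and that you keep your own list of the plug-ins you installed (`expected_slugs`, a hypothetical parameter); the sample tree is constructed.

```python
import re
import tempfile
from pathlib import Path

# Name from the article, normalised; the on-disk folder name is an assumption.
FAKE_PLUGIN = "wp-base-seo"
# Same header line WordPress looks for in a plug-in's main PHP file.
HEADER_RE = re.compile(r"^[ \t/*#@]*Plugin Name:(.*)$", re.I | re.M)

def normalise(name):
    """Lower-case and collapse punctuation so 'WP Base SEO' == 'wp-base-seo'."""
    return re.sub(r"[^a-z0-9]+", "-", name.lower()).strip("-")

def plugin_name(php_file):
    """Return the 'Plugin Name' header from the first 8 KB of a file, or None."""
    try:
        head = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    except OSError:
        return None
    m = HEADER_RE.search(head)
    return m.group(1).strip() if m else None

def audit_plugins(plugins_dir, expected_slugs):
    """Flag entries named like the fake plug-in or missing from the admin's list."""
    findings = []
    for entry in sorted(Path(plugins_dir).iterdir()):
        if entry.is_file() and entry.suffix != ".php":
            continue
        slug = entry.stem if entry.is_file() else entry.name
        files = [entry] if entry.is_file() else sorted(entry.glob("*.php"))
        names = [n for n in map(plugin_name, files) if n]
        if FAKE_PLUGIN in {normalise(slug), *map(normalise, names)}:
            findings.append((entry.name, "matches WP-Base-SEO"))
        elif slug not in expected_slugs and entry.name != "index.php":
            findings.append((entry.name, "not in expected list"))
    return findings

def demo():
    """Constructed tree: one expected plug-in, one unknown, one named like the fake."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for slug, name in [("shop-cart", "Shop Cart"), ("seo-helper", "WP Base SEO"), ("cache-x", "Cache X")]:
            (root / slug).mkdir()
            (root / slug / "main.php").write_text(f"<?php\n/*\n * Plugin Name: {name}\n */\n")
        return audit_plugins(root, expected_slugs={"shop-cart"})

if __name__ == "__main__":
    for name, reason in demo():
        print(f"{name}: {reason}")
```

On a real site, call `audit_plugins` with the path to your own plugins directory and the folder names of the plug-ins you knowingly installed; anything it reports deserves a manual look before removal.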
REMINDER ABOUT SITE SECURITY
Unfortunately, running an eCommerce store requires you to carefully investigate all plug-ins you install. We cannot stress enough the importance of using test sites and researching the credibility of a plug-in prior to production use.
While running your own open source eCommerce platform is generally very secure, the ultimate responsibility for security falls upon you.
Unlike hosted solutions such as BigCommerce or Shopify, your web hosting service generally only runs security scans for issues that can impact its own servers.
Just a few extra precautions can save you a lot of trouble. Please check your WordPress-based site today.