9 WordPress Plugins Targeted in Coordinated 4.5-Year Spam Campaign

Posted on Posted in Alert, Notices, Security, Slider

Today WordFence, our Firewall/Security program group, is publishing the third post in their investigative series that is covering the spam activity that started with the Display Widgets plugin and expanded to a much larger story.

The story started Tuesday last week when WordFence identified a backdoor that had been added to the Display Widgets WordPress plugin to publish unauthorized content on any website.

Then last Wednesday WordFence revealed the person behind the backdoor and spam that was being injected into Display Widgets.

WordFence then spent another week investigating this story and today we have published a detailed post that reveals the following:

There are a total of 9 WordPress plugins that were all targeted by the same spam operation that targeted Display Widgets.
The 404 to 301 plugin spam WordFence wrote about in August of last year is directly connected to the same spammer.
Backdoors of various types were added to these plugins including one of the most popular WordPress plugins.
A total of four plugins were involved in financial transactions that we have connected back to our original spammer.
The operation started in 2013 and continued up to this month, September 2017.

Over the past week we have compiled this story through interviews with the WordPress plugin authors affected and the investigative work of our team.

You are advised to read the linked article to increase your understanding of security and its importance to your clubs website.

Larry Johnson, VP
Chair Tech/IT Committee(s)

Leave a Reply

Your email address will not be published. Required fields are marked *