Skip to main content

SEO Plugin For WordPress Could Give Hackers Control Of Your Website

By April 19, 2017March 1st, 2023Cybersecurity

WordPress remains the undisputed king of content management systems. It is the web’s most popular site-building platform, and odds are good that you either have a WordPress site or know someone who does. Legions of businesses use the open source CMS to build business-grade websites with a staggering degree of functionality.

Unfortunately, the immense success and popularity of the platform also makes it a target. Recently, the security firm SiteLock uncovered a nasty plugin based on the popular “Wordpress SEO Tools” plugin.

This one is called WP-Base-SEO, and while it does provide some legitimate SEO benefits, it also contains a PHP eval request that hooks into your theme and allows hackers to take complete control over your website.

Plugins are one of the best things about WordPress. With them, you can give your website virtually any functionality you want. Need an ecommerce platform for your business? A forum? A live chat service? You can do all of that with plugins, and more.

Unfortunately, given that plugins are made by third party vendors, it’s fairly easy for malicious code to find its way into the mix. WordPress doesn’t have extensive checks like the Google Play Store or the iTunes Store, so you don’t have buffer against winding up with a bad plugin.

For now, the best thing you can do is to scan your system for the presence of the plugin named above. If you find it, delete the plugin folder and lay down a fresh install of WordPress to be sure. That will eliminate the threat. Then, it’s simply a matter of checking periodically to ensure that you’ve only got the plugins you absolutely need to make your site function the way you want it to.

SEO plugins are extremely popular, because every business is looking for a way to get a tactical or strategic edge over the competition, which makes this threat all the more troubling.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.