If you are the administrator of a WordPress website, pay attention!
As SiteLock shows, WP-Base-SEO does a very good job of faking legitimacy, providing references to the official WordPress Plugin Database and instructions on how to use the plugin properly.
Still, digging deeper into the plugin's main PHP files, they found a base64-encoded eval request. eval is a PHP function very often used for malicious purposes and, as such, its use is discouraged by PHP.net. In this case, it opens up backdoor access to the website.
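One way to check installed plugins for the pattern SiteLock describes, as an added example that is not from the original post or from SiteLock: a Python scanner that flags `eval(base64_decode(...))` in PHP files and decodes a literal argument for triage. The function names and the sample PHP strings are constructed for illustration.

```python
import base64
import binascii
import os
import re

# PHP function names are case-insensitive and whitespace may separate tokens.
EVAL_B64 = re.compile(
    r"\beval\s*\(\s*base64_decode\s*\(\s*(?:(['\"])([A-Za-z0-9+/=]+)\1)?",
    re.IGNORECASE,
)

def scan_php_source(source):
    """Return (line_number, decoded_preview) for each eval(base64_decode(...))."""
    findings = []
    for match in EVAL_B64.finditer(source):
        line_no = source.count("\n", 0, match.start()) + 1
        preview = None  # stays None when the argument is not a string literal
        if match.group(2):
            try:
                raw = base64.b64decode(match.group(2), validate=True)
                preview = raw[:60].decode("utf-8", errors="replace")
            except (binascii.Error, ValueError):
                preview = "<not valid base64>"
        findings.append((line_no, preview))
    return findings

def scan_tree(root):
    """Scan every .php file under root; returns {path: findings} for hits only."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".php"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    found = scan_php_source(fh.read())
                if found:
                    hits[path] = found
    return hits

# Constructed samples: the literal decodes to the harmless statement echo 'hi';
SAMPLE_FLAGGED = "<?php\n/* Plugin Name: Example */\n@EVAL ( base64_decode('ZWNobyAnaGknOw=='));\n"
SAMPLE_CLEAN = "<?php\n$img = base64_decode($row['thumb']);\necho strlen($img);\n"

if __name__ == "__main__":
    print(scan_php_source(SAMPLE_FLAGGED))
    print(scan_php_source(SAMPLE_CLEAN))
```

Point `scan_tree` at the site's `wp-content/plugins` directory. A hit is a reason to inspect the file rather than proof of compromise, and heavier obfuscation will not match this single pattern.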
The security news website Threatpost states that over 4,000 WordPress sites have been infected by WP-Base-SEO. It is likely that the attackers mass-scanned WordPress websites, searching for outdated plugins to target. This is a very common practice.
Just to provide an example, in April 2016 an outdated version of the WordPress RevSlider image slider plugin was held responsible for the 2.5-terabyte data leak that went under the name of “Panama Papers”.
How can you increase your WordPress website security?
- Keep the WordPress Core updated to the latest version
- Pay attention when installing a new WordPress plugin on your website: look for good ratings and legit feedback from the WordPress Plugin Database users
- Keep your plugins updated to the latest version
- If a plugin has not provided any update in the last few months, consider removing it from your website.
We at Handyweb have dealt with WordPress Security issues and can help you if you need solutions! Contact us!