In a recent report by Sucuri, a fake security plugin has been identified by the name of X-WP-SPAM-SHIELD-PRO. The fake plugin has a hidden backdoor that was put there by the developer of the plugin.

Judging by the name of the fake plugin, the cyber criminal wanted to take advantage of the popularity of a well reputed WordPress anti spam plugin, WP-SpamShield Anti-Spam.

The fake plugin has a hidden PHP code that creates a backdoor for the developer through which he can enter your website. The backdoor allows the developer to alter content, create an admin account and add images into the victim’s website.

Also, the developer of this plugin is also able to install a zip file in the website, unzip it and run the files on the website.

Following are the fake plugin files that had malicious code in them:

  • Class-social-facebook.php
  • Class-term-metabox-formatter.php
  • Class-admin-user-profile.php
  • Plugin-header.php
  • wp-spam-shield-pro.php

It would be wrong not to point out that users who downloaded the plugin should have taken more care. According to Sucuri, the plugin had not even been uploaded on the official WordPress repository. Users accessed the plugin from other sources that were obviously not reliable.

In such cases, it is our responsibility as well to ensure that whatever we install on our website is downloaded from a reliable source. If it’s a free plugin, then there is no better place than the WordPress official repository.

Since there are so many instances of security breach and fake plugins, WordPress users are highly advised to only install plugins from the official repository.