In two weeks time, WordPress.org has closed three plugins because they contained content-injection backdoors. “Closing” a plugin means that it is no longer available for download from the repository, and will not show up in WordPress.org search results.

All of these three plugins have been subject to a shady purchase over the past months and was part of the same supply chain attack, with the goal of injecting SEO spam into the sites running the plugins.

The plugins involved are:

  • Duplicate Page and Post, 50,000+ active installs;
  • No Follow All External Links, 9,000+ active installs
  • WP No External Links, 30,000+ active installs

BE CAREFUL WHAT TO INSTALL

Selecting the right plugin for your sites, no matter on what (open source) technology it is built, is a task that should be executed with great care. We have proactively checked all our clients to ensure the mentioned plugins were not installed. If you are not an EMAKERS customer (yet) and you have any of these plugins installed, we recommend that you remove them immediately.

Customers of EMAKERS who use WordPress or WooCommerce technology and opt for a service contract are extra protected at EMAKERS with the Wordfence plugin that we install for them by default.