In the last couple of days, a story has broken about a fake WordPress plugin that has infected up to 4000 WordPress sites. The plugin, named WP-Base-SEO, masquerades as an SEO plugin convincingly enough that security scans overlook it. In reality, it infects sites with malware by creating a backdoor.
The plugin was discovered by the team at SiteLock, who released an in-depth blog post discussing the plugin and the havoc it can cause. They confirmed the plugin managed to slip past security scans by operating as a forgery of WordPress SEO Tools, which is a legitimate SEO plugin.
As always, we urge all users to ensure their site has robust security in place. Keep your plugins and themes updated, remove any suspicious plugins immediately and change your password if you’ve ever had this plugin installed.