Fake SEO Plugin (WP-Base-SEO) Used To Compromise WordPress Installations
Affected Platforms
WordPress – all versions
Description
A fake SEO plugin is being used by attackers to compromise WordPress installations. The plugin is called WP-Base-SEO and is a forgery of a legitimate search engine optimization plugin called WordPress SEO Tools. The plugin's wp-seo-main.php file uses WordPress' native add_action() hook to execute a malicious base64-encoded PHP payload through eval(). The result is a backdoor that a malicious actor can use to gain access to the site.
Remediation
- Manually check installations for suspicious files
- Use strong alphanumeric passwords to secure installations
- Update WordPress core, themes and plugins to the latest secure versions
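The first remediation step is a manual review of plugin files, and the description above gives the shape of what to look for: an add_action() hook whose callback runs eval() over a base64-encoded string. The following Python scanner is an added example written for this advisory, not code from the advisory or from any WordPress project. It walks a plugins directory, flags eval() wrapped around base64_decode()/gzinflate()/str_rot13(), decodes any inline base64 literal so the reviewer can see what would have run (without executing it), and lists the hooks each file registers. The sample plugin contents, the encoded string and the directory names are constructed for the demonstration; only the file name wp-seo-main.php comes from the advisory.

```python
import base64
import os
import re
import tempfile
from dataclasses import dataclass

# Obfuscated eval() wrappers that have no place in a legitimate plugin. The
# advisory describes eval() over base64; gzinflate/str_rot13 are common variants.
SUSPICIOUS_PATTERNS = {
    "eval_base64": re.compile(r"\beval\s*\(\s*base64_decode\s*\(", re.I),
    "eval_gzinflate": re.compile(r"\beval\s*\(\s*gzinflate\s*\(", re.I),
    "eval_str_rot13": re.compile(r"\beval\s*\(\s*str_rot13\s*\(", re.I),
}
# Quoted base64 literal passed straight to base64_decode(); decoded for triage only.
B64_LITERAL = re.compile(r"base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=\s]{16,})['\"]")


@dataclass
class Finding:
    path: str
    line: int
    rule: str
    snippet: str
    decoded_preview: str = ""


def decode_preview(b64: str, limit: int = 80) -> str:
    """Decode a base64 literal for display; nothing is executed."""
    try:
        raw = base64.b64decode(re.sub(r"\s", "", b64), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "<not valid base64>"
    return raw.decode("utf-8", "replace")[:limit]


def scan_text(text: str, path: str = "<memory>") -> list[Finding]:
    """One Finding per source line matching a suspicious pattern."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, pattern in SUSPICIOUS_PATTERNS.items():
            if pattern.search(line):
                match = B64_LITERAL.search(line)
                preview = decode_preview(match.group(1)) if match else ""
                findings.append(Finding(path, lineno, rule, line.strip()[:120], preview))
    return findings


def hooks_registered(text: str) -> list[str]:
    """WordPress hook names the file wires callbacks into via add_action()."""
    return re.findall(r"add_action\s*\(\s*['\"]([\w/.-]+)['\"]", text)


def scan_plugin_dir(root: str) -> list[Finding]:
    """Walk a wp-content/plugins tree and scan every .php file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name.endswith(".php"):
                full = os.path.join(dirpath, name)
                with open(full, encoding="utf-8", errors="replace") as fh:
                    findings.extend(scan_text(fh.read(), full))
    return findings


# Constructed sample shaped like the advisory's description: plugin header,
# add_action() hook, callback body that is eval() over base64. The encoded
# string is harmless text chosen for this illustration, not the real payload.
PAYLOAD_B64 = base64.b64encode(b"echo 'constructed sample';").decode()
SAMPLE_PLUGIN = f"""<?php
/*
Plugin Name: WP Base SEO
Description: Search engine optimisation helpers
*/
add_action('init', 'wpbs_init');
function wpbs_init() {{
    eval(base64_decode('{PAYLOAD_B64}'));
}}
"""
# Constructed benign plugin: legitimate add_action() use, no eval().
CLEAN_PLUGIN = """<?php
add_action('wp_head', 'clean_head');
function clean_head() { echo '<meta name="robots" content="index">'; }
"""


def demo() -> list[Finding]:
    """Write both samples into a temporary plugins tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for folder, fname, body in (("wp-base-seo", "wp-seo-main.php", SAMPLE_PLUGIN),
                                    ("clean-example", "clean-example.php", CLEAN_PLUGIN)):
            os.makedirs(os.path.join(root, folder))
            with open(os.path.join(root, folder, fname), "w") as fh:
                fh.write(body)
        return scan_plugin_dir(root)


if __name__ == "__main__":
    for f in demo():
        print(f"{f.path}:{f.line} [{f.rule}] {f.snippet}")
        if f.decoded_preview:
            print(f"    decodes to: {f.decoded_preview!r}")
```

Run it against a real site with `scan_plugin_dir("/var/www/html/wp-content/plugins")`; a hit is a reason to pull the file for review, not proof of compromise on its own, since some commercial plugins ship obfuscated code, but a decoded preview that shows a remote fetch or a command passthrough is the backdoor pattern the advisory describes. Pair the scan with a diff against a clean copy of each plugin from the official repository.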