Fake SEO Plugin (WP-Base-SEO) Used To Compromise WordPress Installations

Affected Platforms

WordPress – all versions


A fake SEO plugin is being used by attackers to compromise WordPress installations. The plugin is called WP-Base-SEO, and is a forgery of a legitimate search engine optimization plugin called WordPress SEO Tools. The plugin’s wp-seo-main.php file hooks WordPress’ native add_action() functionality to run a malicious base64 encoded PHP eval request. The result is the creation of a backdoor which a malicious actor could use to gain access.


  • Manually Check Installations for suspicious files
  • Implement Strong Alpha Numeric Passwords to secure installations
  • Update WordPress core, themes and plugins to the latest secure versions


Leave a Reply