Tuesday, November 23, 2010

BlogPress SEO plugin isn’t just bad, it’s malware

Making the rounds today from Techie Buzz is a discussion about a WordPress plugin called “BlogPress SEO”. Now, as you know, any plugin that promises linkbacks without you having to work at it is clearly doing something that’s not above board. That promise, among others, is what BlogPress SEO makes.

From what we’re reading over at Yoast and Mtekk, the plugin has back doors that let the author bypass the login screen completely and get into the admin area of your blog in a snap. Even Matt Cutts, head of the webspam team at Google, gives his warning over Twitter.

Regardless of the bad SEO practices and the malware-esque manner of the plugin, there is one essential lesson in this:

Don’t download plugins that aren’t in the WordPress plugin repository.

When this news came to our attention, the first thing I did was to search for it in the WP plugins repository. It wasn’t there. Which is good, because I know the folks who review all the plugins that are allowed into the repository and I’d be surprised if it were allowed in with suspect SEO and backdoor login hacks. Clearly the WordPress team is on their game.

It took me a while to find the site where you download the plugin, and the site smacks of spam and scam. It just has that thrown-together look. That should have been the first clue.

So, when you find a “cool new plugin” that people think you should download, check WP.org first. Then ask around the WP forums. Remember, too good to be true often is.

Sources: Techie Buzz, Yoast, Mtekk
