The Small Business Website Guy

  • Home
  • Blog
  • About
  • WordPress Help
  • Services
    • WordPress Help
    • Hacked Site Cleanup
    • Website Management Program
    • Domain Registration
    • Web Hosting
  • Testimonials
  • Contact Us

December 5, 2013 by John

Phishing Scam Affecting WordPress Users

I’ve just learned of a phishing scam affecting WordPress users. Specifically, this campaign targets users and potential users of All-in-One SEO Pack, the most downloaded plugin for WordPress. At least one of my clients has already received an email offering a “free trial” of All-in-One SEO Pro, the paid version of this popular plugin.

The email reads as follows:

You have been chosen by WordPress community to try out our new All in One SEO Pack Pro v2.1. For further information please click on the following link where you can also find the download link http://[bogus domain]/all-in-one-seo-pack/ WordPress Community http://[bogus domain]

The download from these links is malware and if installed on your WordPress site will compromise your account and your server via a backdoor which allows the scammers to inject additional malware on your server.

Needless to say, do NOT click the links nor install the plugin. If you have already done so, let me know immediately so we can limit the damage as much as possible.

The good news is that the Wordfence plugin installed on most of your sites should detect the modified plugin files when comparing them with the real files in the WordPress repository, but this is after the fact and at least some damage will already have been done.

If you’re interested in the technical details of this malware, visit the blog at http://Sucuri.net.

John Sawyer

Like this post?  Sign up below to be notified when new posts are published:

johnsmith@example.com
John

Share this post:

Share on TwitterShare on FacebookShare on LinkedIn

Filed Under: Anti-Malware, Safe Computing, Security, WordPress Tagged With: all in one seo pack, phishing scam

Select Module

Comments

  1. Jeannette Paladino says

    December 5, 2013 at 11:49 am

    Thanks for the warning, John. I haven’t received this email yet, luckily. I’ll post to my social networks.

    • John says

      December 5, 2013 at 4:14 pm

      Thanks, Jeannette. We definitely need to spread the word as I’m sure there are those who will think this is a real offer.

  2. Rev. Diane says

    December 10, 2013 at 2:17 pm

    Thank you, John—
    What would we do with out you!
    Warmly,
    Diane

Recent Posts

  • Protect Yourself From Router Exploit
  • Is GDPR Compliance The Problem?
  • Warning! WordPress 4.9.6 Is Coming
  • MalwareBytes Update Issue
  • Google Issues New HTTPS Guidelines

Find Your Domain

Find a domain starting at $0.48

powered by Namecheap

Reach new audiences and grow your following

Privacy Policy | Terms of Use

Copyright © 2007-2021 by Chon Resources – All Rights Reserved Worldwide

We use cookies for various purposes including analytics and personalized marketing. By continuing to use the service, you agree to our use of cookies. - Privacy Policy
Protected by WebARX