Security on the internet has always involved a series of evolving threats, as soon as one threat is blocked a new one pops its ugly head up. Vigilance is key and staying up to date in this game of moving targets is vitally important.
The latest threat to those running a WordPress website is the ‘Plugin Backdoor Supply Chain Attack’. A devious attack that’s fairly low tech but extremely effective. In this particular attack spammers are buying up WordPress Plugins used by 10’s of thousands of sites (hence the supply chain part of the name) and adding backdoor code to the plugin. When any site using the plugin updates to the latest version they have a spam delivery backdoor installed on their site, and unless they remove the plugin this spam delivery system can present some very dodgy content to their visitors.