The WordPress Plugin Backdoor Supply Chain Attack, Spammers are a Creative Bunch…

Security on the internet has always involved a series of evolving threats: as soon as one threat is blocked, a new one rears its ugly head. Vigilance is key, and staying up to date in this game of moving targets is vitally important.

The latest threat to those running a WordPress website is the ‘Plugin Backdoor Supply Chain Attack’, a devious attack that’s fairly low tech but extremely effective. In this particular attack, spammers are buying up WordPress plugins used by tens of thousands of sites (hence the supply chain part of the name) and adding backdoor code to them. When a site using one of these plugins updates to the latest version, a spam delivery backdoor is installed on the site, and unless the owner removes the plugin, this spam delivery system can present some very dodgy content to the site's visitors.

WordPress have been taking down the plugins affected by this exploit for the last two weeks and are tracking the evolution of the attack. It has now affected 3 plugins and nearly 100,000 sites. For a full rundown of the exploit, Wordfence have a great article on their site. It may be easy to see this as a problem just for website owners, but that is a myopic view. If you visit one of the affected sites, you are also in danger of being a victim of this attack.

Reference: Wordfence – Plugin Backdoor Supply Chain Attack