
[Plugin: WP Status Notifier] MALICIOUS PLUGIN: BEWARE (11 posts)

  1. mariostella
    Member
    Posted 5 months ago #

    Beware of this plugin. The authors won't say it on the official WordPress plugin page, but after you have been using it for a while it will add a link in your blogroll to their website. I did not realize this at first, but my customers did and it had a really BAD impact on my site's image.
    Boo-hoo to wordpresssupplies.com. I ask that all their plugins get removed from wordpress.org/extend

    To remove the malicious code just go to the plugin file and delete these lines:

    // Please do not delete this link to support the plugin
    	global $wpdb;
    	if($wpdb->get_var("SELECT COUNT(link_id) FROM $wpdb->links WHERE link_url='http://wordpresssupplies.com/'")==0)
    		wp_insert_link(array('link_name' => 'Wordpress Themes', 'link_url' => 'http://wordpresssupplies.com/', 'link_description' => 'Download Free Wordpress Themes and Plugins' ));

    It is so sad and a shame to find this kind of people in a nice open source community like this.

    A piece of advice to the authors: ask for donations or backlinks, do not do it the sneaky way. I will not download a single bit of code signed by you from now on. Think about this.

    http://wordpress.org/extend/plugins/wp-status-notifier/

  2. xberserker
    Member
    Posted 4 months ago #

    Thanks for the heads up. That is sneaky and uncalled for.

  3. bumblybee
    Member
    Posted 4 months ago #

    Ohh...I had a link which kept appearing in my blogroll. I had to hide it as deleting it wouldn't work.
    I never considered that it could be down to a plug-in...

    I'll have a look to find out which one it was.

    Thanks for that! =)

  4. Otto42
    Moderator
    Posted 4 months ago #

    I've seen themes do similar nasty things.

    Nevertheless, I confirmed the behavior and reported the plugin.

  5. Boris Mahovac
    Member
    Posted 4 months ago #

    Phew! And I almost blamed my hosting company for a MySQL security breach!

    Does anyone know of another legitimate plugin which has the same functionality?

  6. carnini
    Member
    Posted 1 month ago #

    I see this was updated, but there is no mention of whether the code was removed. Working on removing this myself.

  7. Otto42
    Moderator
    Posted 1 month ago #

    The code has still not been removed. Looks like they changed it to only add the link on plugin activation. I re-reported it, because it's still spammy behavior. Also, their website (wordpresssupplies.com) is a trademark violation. See http://wordpress.org/about/domains/

    PROTIP: You can examine the source for any plugin in the Extend repository easily.

    See this URL?
    http://wordpress.org/extend/plugins/wp-status-notifier/

    Note the name of it there is wp-status-notifier.

    Just add that onto this URL:
    http://plugins.trac.wordpress.org/browser/

    And voila. Like so:
    http://plugins.trac.wordpress.org/browser/wp-status-notifier
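
Following the tip in post 7 about reading a plugin's source, here is an added example (not part of the thread and not WordPress.org tooling): a Python script that scans a plugin's PHP files for writes to the blogroll like the one quoted in post 1. The function names, the sample hook name `example_activate` and the three-line URL window are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

# Core functions that write to the blogroll (wp_links); post 1 quotes wp_insert_link.
LINK_WRITE = re.compile(r"\b(wp_insert_link|wp_update_link)\s*\(")
# Raw SQL writes to the same table, bypassing those functions.
RAW_SQL = re.compile(r"\b(INSERT\s+INTO|REPLACE\s+INTO|UPDATE)\s+\{?\$wpdb->links\b", re.I)
URL = re.compile(r"""https?://[^\s'"<>)]+""")

def scan_source(name, text):
    """Return (file, line, reason, nearby_urls) for each blogroll write in one PHP source."""
    findings, lines = [], text.splitlines()
    for i, line in enumerate(lines):
        call = LINK_WRITE.search(line)
        if call:
            reason = "blogroll write via " + call.group(1)
        elif RAW_SQL.search(line):
            reason = "raw SQL write to $wpdb->links"
        else:
            continue
        # Hard-coded URLs within 3 lines of the write usually name the injected link.
        window = "\n".join(lines[max(0, i - 3):i + 4])
        findings.append((name, i + 1, reason, sorted(set(URL.findall(window)))))
    return findings

def scan_plugin(plugin_dir):
    """Scan every .php file under an unpacked plugin directory."""
    out = []
    for path in sorted(Path(plugin_dir).rglob("*.php")):
        out += scan_source(str(path), path.read_text(errors="replace"))
    return out

# Constructed sample: the snippet from post 1 inside a hypothetical activation hook.
SAMPLE = '''<?php
function example_activate() {
	global $wpdb;
	if($wpdb->get_var("SELECT COUNT(link_id) FROM $wpdb->links WHERE link_url='http://wordpresssupplies.com/'")==0)
		wp_insert_link(array('link_name' => 'Wordpress Themes', 'link_url' => 'http://wordpresssupplies.com/', 'link_description' => 'Download Free Wordpress Themes and Plugins' ));
}
'''

if __name__ == "__main__":
    hits = scan_plugin(sys.argv[1]) if len(sys.argv) > 1 else scan_source("sample.php", SAMPLE)
    for name, line_no, reason, urls in hits:
        print(f"{name}:{line_no}: {reason} {urls}")
```

A hit is a prompt for manual review, not a verdict: a link-manager plugin writes to the same table legitimately, so the nearby hard-coded URL is the part to look at.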

  8. carnini
    Member
    Posted 1 month ago #

    I would say also try a plugin by Peter, who does a ton of the plugins.
    This one works very well and I am using it.
    peters-collaboration-e-mail

    http://wordpress.org/extend/plugins/peters-collaboration-e-mails

  9. carnini
    Member
    Posted 1 month ago #

    Otto42, thanks for letting people know!!!! I went with another plugin since as you pointed out it was not removed and it is suspect.

  10. jdingman
    Member
    Posted 1 month ago #

    Via #WordPress-dev meetups, WordPress is likely to be in the process of requiring plugin authors to not force links on sites that use their plugins.

    The rule hasn't gone into effect yet, but hopefully it will soon, and those plugins that don't get updated won't be allowed in the plugin repo anymore.

    More news to come as more dev meetups occur.

  11. xberserker
    Member
    Posted 14 hours ago #

    carnini writes:

    I would say also try a plugin by Peter, who does a ton of the plugins.
    This one works very well and I am using it.
    peters-collaboration-e-mail

    http://wordpress.org/extend/plugins/peters-collaboration-e-mails

    I dumped the WP Status Notifier and installed that plugin. MUCH better plugin, and the note feature is so handy when it's needed.
