[Plugin: WP Status Notifier] MALICIOUS PLUGIN: BEWARE (14 posts)

  1. mariostella
    Member
    Posted 5 years ago #

    Beware of this plugin. The authors won't say it in the WordPress official plugin page, but after you have been using it for a while it will add a link in your blogroll to their website. I did not realize this at first, but my customers did and it had a really BAD impact on my site's image.
    Boo-hoo to wordpresssupplies.com. I ask that all their plugins get removed from wordpress.org/extend

    To remove the malicious code just go to the plugin file and delete these lines:

    // Please do not delete this link to support the plugin
    
    	global $wpdb;
    
    	if($wpdb->get_var("SELECT COUNT(link_id) FROM $wpdb->links WHERE link_url='http://wordpresssupplies.com/'")==0)
    
    		wp_insert_link(array('link_name' => 'WordPress Themes', 'link_url' => 'http://wordpresssupplies.com/', 'link_description' => 'Download Free WordPress Themes and Plugins' ));

    It is so sad and a shame to find this kind of people in a nice open source community like this.

    Some advice to the authors: ask for donations or backlinks, do not do it the sneaky way. I will not download a single bit of code signed by you from now on. Think about this.

    http://wordpress.org/extend/plugins/wp-status-notifier/

  2. Tosh
    Member
    Posted 5 years ago #

    Thanks for the heads up. That is sneaky and uncalled for.

  3. bumblybee
    Member
    Posted 5 years ago #

    Ohh...I had a link which kept appearing in my blogroll. I had to hide it as deleting it wouldn't work.
    I never considered that it could be down to a plug-in...

    I'll have a look to find out which one it was.

    Thanks for that! =)

  4. Samuel Wood (Otto)
    Tech Ninja
    Posted 5 years ago #

    I've seen themes do similar nasty things.

    Nevertheless, I confirmed the behavior and reported the plugin.

  5. Boris Mahovac
    Member
    Posted 5 years ago #

    Phew! And I almost blamed my hosting company for a MySQL security breach!

    Does anyone know of another legitimate plugin which has the same functionality?

  6. carnini
    Member
    Posted 4 years ago #

    I see this was updated but no mention of if the code was removed. Working on removing this myself.

  7. Samuel Wood (Otto)
    Tech Ninja
    Posted 4 years ago #

    The code has still not been removed. Looks like they changed it to only add the link on plugin activation. I re-reported it, because it's still spammy behavior. Also, their website (wordpresssupplies.com) is a trademark violation. See http://wordpress.org/about/domains/

    PROTIP: You can examine the source for any plugin in the Extend repository easily.

    See this URL?
    http://wordpress.org/extend/plugins/wp-status-notifier/

    Note the name of it there is wp-status-notifier.

    Just add that onto this URL:
    http://plugins.trac.wordpress.org/browser/

    And voila. Like so:
    http://plugins.trac.wordpress.org/browser/wp-status-notifier
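
Added example, not part of the original thread or of any plugin's own code: once a plugin's source is in front of you, as the post above describes, this Python script flags lines that write to the blogroll table, which is the pattern quoted in the first post. The sample source is constructed around that quoted snippet, and the function names `notifier_init` and `notifier_send` in it are hypothetical.

```python
import re
import sys
from pathlib import Path

# Plugin code that touches the blogroll: wp_insert_link() or the links table.
LINK_WRITE = re.compile(r"\bwp_insert_link\s*\(|\$wpdb->links\b", re.I)
# A hard-coded absolute URL inside a PHP string literal.
HARDCODED_URL = re.compile(r"""['"](https?://[^'"\s]+)['"]""", re.I)

def scan_source(php_source):
    """Return (line_no, urls, line) for each line that touches the links table."""
    findings = []
    for no, line in enumerate(php_source.splitlines(), 1):
        if LINK_WRITE.search(line):
            findings.append((no, HARDCODED_URL.findall(line), line.strip()))
    return findings

def scan_plugins(plugins_dir):
    """Scan every .php file under a plugins directory; map path -> findings."""
    report = {}
    for path in sorted(Path(plugins_dir).rglob("*.php")):
        hits = scan_source(path.read_text(errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample: the snippet quoted in the first post, wrapped in a
# hypothetical function, plus one harmless hook registration.
SAMPLE = '''<?php
function notifier_init() {
    global $wpdb;
    if($wpdb->get_var("SELECT COUNT(link_id) FROM $wpdb->links WHERE link_url='http://wordpresssupplies.com/'")==0)
        wp_insert_link(array('link_name' => 'WordPress Themes', 'link_url' => 'http://wordpresssupplies.com/', 'link_description' => 'Download Free WordPress Themes and Plugins' ));
    add_action('publish_post', 'notifier_send');
}
'''

if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. python scan.py wp-content/plugins
        for path, hits in scan_plugins(sys.argv[1]).items():
            for no, urls, line in hits:
                print(f"{path}:{no}: {urls or 'no literal URL'}: {line[:100]}")
    else:
        for no, urls, _ in scan_source(SAMPLE):
            print(no, urls)
```

A hit is a prompt to read the surrounding code, not a verdict: link-manager plugins call `wp_insert_link()` legitimately, so the hard-coded URL is the part to look at.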

  8. carnini
    Member
    Posted 4 years ago #

    I would say also try a plugin by Peter, who does a ton of the plugins.
    This one works very well and I am using it.
    peters-collaboration-e-mail

    http://wordpress.org/extend/plugins/peters-collaboration-e-mails

  9. carnini
    Member
    Posted 4 years ago #

    Otto42, thanks for letting people know!!!! I went with another plugin since as you pointed out it was not removed and it is suspect.

  10. Jonathan Dingman
    Member
    Posted 4 years ago #

    Via #WordPress-dev meetups, WordPress is likely to be in process of enforcing plugin authors to not force links on sites that use their plugins.

    The rule hasn't gone into effect yet, but hopefully it will soon and those plugins that don't get updated, won't be allowed in the plugin repo anymore.

    More news to come as more dev meetups occur.

  11. Tosh
    Member
    Posted 4 years ago #

    carnini writes:

    I would say also try a plugin by Peter, who does a ton of the plugins.
    This one works very well and I am using it.
    peters-collaboration-e-mail

    http://wordpress.org/extend/plugins/peters-collaboration-e-mails

    I dumped the WP Status Notifier and installed that plugin. MUCH better plugin, and the note feature is so handy when it's needed.

  12. schulte
    Member
    Posted 4 years ago #

    Same deal. Noticed the spam link that got added. Boot this and any others that don't comply. Now using Peter's Collaboration E-mails plugin.

  13. nims
    Member
    Posted 4 years ago #

    Oh boy ... after reading this I have really got scared. I thought WP must be checking the plugins listed here and they are safe. But it seems such plugin authors can really access our database username and passwords and play around with our data too. They can even hijack our blogs! WP must do something to check this!

  14. Jim Hall
    Member
    Posted 4 years ago #

    I'm new to WP and installing the Easy Popular Posts plugin By Christopher Ross today and I found: Trojan-Spy.HTML.Fraud.gen while running the install link from a search in my Admin panel.

    It sure puts the WP Community in a bad light when WP controls a directory of search results that they don't monitor for malicious activity, nor do they offer an easy way to report such files when found.

This topic has been closed to new replies.