Malware Found In Plugin Distribution Package
Today my malware defense found the following keyboard logging HTML infection script on both my WP sites:
File contains suspected malware URL: /home/content/89/11198089/html/wp-content/plugins/transposh-translation-filter-for-wordpress/js/keyboard.js
Removed the plugin and with it went the infection. Reinstalled the plugin and the infection immediately returned. This infection also has a URL reference to a Google blacklisted URL for Malware website.
This must be the reason the upgrade package is distributed outside of WordPress.org.
UPDATE: After a somewhat hostile response from the author of this plugin, I changed my rating from 1 to 3 stars at his request. The software does work and the blacklist problem one will need to decide for themselves if it is of concern to them.
One should take into consideration that in order for the software to translate for the site users, a copy of all content is created for each language. Some find this troublesome for SEO duplicate content reasons and others find it actually beneficial for adding content. Only a Google insider would know if this is actually a plus or minus and in what situations.
I will also note that soon (as in an hour) after I installed this plugin, I had to restore my database as everything but the theme shell became corrupted. I never could trace the cause, so it may or may not have been the plugin.
Lastly, it took days to hear from the author after reporting the Malware alert. Granted this is not his primary support site and I should have thought to go there. However, I am troubled by the response received as if this was my problem that his software causes Malware alerts with a 3rd party security software. Whether this is the fault of the security software vendor or a legitimate problem is beside the point that attacking users for raising valid questions and concerns is not very good customer relations. A simple statement of why the alert happened would have gone much further in the goodwill department.
I still have no rational understanding as to why the version distributed here on WP.org is crippled other than it is and apparently from the author’s comments he dislikes WP.org very much; nor do I understand why the copyright URL is blacklisted by Google according to Wordfence. Maybe the author should contact Wordfence and have it out with them rather than his users.
Since translation is not a mission critical requirement for me, I have decided to leave this software off my sites. This certainly will please the author and I will be relieved of having to communicate with him for the inevitable next troubleshooting incident. Your experience may be far different and there do appear to be many satisfied users of his software.