Malware in the Plugins directory

  • [ Moderator note: moved to Fixing WordPress. ]

    After installing a plugin recently (ShareThis) from the WordPress plugins directory, I decided that it wasn’t what I expected so I deactivated and then uninstalled it. Guess what? Not only is there still a “ShareThis” tracker running in the background on my site, but the elements are still on my page. This plugin is MALWARE at this point. Why is it still in the directory? Better yet, does anyone have any idea how I can actually get rid of it? I contacted the developer through the support forum to no avail (surprise!).

  • Agreed. ShareThis and the Simple Share Buttons Adder (PRO) all do the same thing. No reply from developers. Why is this allowed?

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Sorry, but that’s not malware.

    *Drinks coffee and moves topic*

    Those plugins are software as a service. That means the plugins are interfaces to those other companies’ servers. That’s allowed and the code for the plugin is 100% GPL compatible.

    The code on their servers may not be but again, that’s allowed as software as a service.

    I’m not being glib here: if you don’t like their service then do not use their plugin.

    I decided that it wasn’t what I expected so I deactivated and then uninstalled it. Guess what? Not only is there still a “ShareThis” tracker running in the background on my site, but the elements are still on my page.

    If you are not getting help from the plugin author then the Fixing WordPress (this forum) is the place to ask for help.

    What is the URL of your site?

    Hi Jan,
    Appreciate your reply, the site is here. Also I’m sorry, but it is very definitely spyware, which falls under the general umbrella of malware, doesn’t it? This is what the American dictionary says of spyware:

    spyware (spīˈwârˌ)
    n. Software that secretly gathers information about a person or organization. (Check!)
    n. Any malicious software that is designed to take partial or full control of a computer’s operation without the knowledge of its user. (Check! — in that it can’t be removed or stopped)

    I think I may not have been quite clear. The ShareThis plugin installed non-removable VISUAL elements on my page and in my code — see screenshots below. When I say non-removable I mean they persist after so-called uninstall, and that is definitely NOT okay. This is doubly true in this case, where it was not disclosed that elements and code would be permanent even after “uninstall” — that’s ridiculous.

    I’m trying to make someone higher up aware of this thing because there’s no way this should be allowed in the official WP plugins directory. I could understand if it were a plugin I had downloaded from a third-party website, but I got this right here on WP.org and that is so wrong.

    Visual elements still on page
    Code still in page source
    Active tracker
    Plugin not installed

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    I’m trying to make someone higher up aware of this thing because there’s no way this should be allowed in the official WP plugins directory.

    Feel free to contact the Plugins team via plugins@wordpress.org if you like. Please don’t be disappointed if they explain Software as a service again.

    Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    When I say non-removable I mean they persist after so-called uninstall, and that is definitely NOT okay.

    That would be correct, if it was true. It’s not. Removing the plugin removes the code for it as well. Checked. Tested.

    Now, you may have some aggressive caching happening on your site. Not uncommon for full-page HTML caching to exist. With aggressive caching, when you change the content of your site, you need to clear the cache to see changes occur. That’s the most likely explanation.
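One way to test the caching explanation given in the last reply, added here as an example and not part of the thread: it scans a fetched page for resources still loaded from a removed plugin's domain and checks the response for signs that it was served from a cache. The domain `tracker.example`, the `ExampleCache` comment and the sample headers are constructed; a real check would use the removed plugin's actual domain and the site's own response.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a response captured after the plugin was uninstalled.
SAMPLE_HEADERS = {"Age": "8640", "X-Cache": "HIT"}
SAMPLE_HTML = """<html><head>
<script src="https://widgets.tracker.example/buttons.js"></script>
<script src="/wp-includes/js/jquery/jquery.js"></script>
</head><body><p>Post</p>
<!-- Cached page generated by ExampleCache on 2015-01-01 10:00:00 -->
</body></html>"""

class PageScan(HTMLParser):
    """Collect hosts of externally loaded resources and all HTML comments."""
    def __init__(self):
        super().__init__()
        self.hosts, self.comments = set(), []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        host = urlparse(src).hostname if src else None
        if tag in ("script", "iframe", "img") and host:
            self.hosts.add(host)

    def handle_comment(self, data):
        self.comments.append(data.strip())

def cache_evidence(headers, comments):
    """Return the reasons to believe this response came out of a cache."""
    h = {k.lower(): v for k, v in headers.items()}
    reasons = []
    if h.get("age", "").isdigit() and int(h["age"]) > 0:
        reasons.append("Age: " + h["age"])  # seconds spent in a shared cache
    reasons += [f"{k}: {v}" for k, v in h.items()
                if "cache" in k and "hit" in v.lower()]
    reasons += [c for c in comments if "cache" in c.lower()]
    return reasons

def diagnose(html, headers, removed_domain):
    """Classify a page as 'clean', 'stale-cache' or 'live'."""
    scan = PageScan()
    scan.feed(html)
    leftover = sorted(h for h in scan.hosts
                      if h == removed_domain or h.endswith("." + removed_domain))
    reasons = cache_evidence(headers, scan.comments)
    verdict = "clean" if not leftover else ("stale-cache" if reasons else "live")
    return {"verdict": verdict, "leftover": leftover, "cache": reasons}

if __name__ == "__main__":
    print(diagnose(SAMPLE_HTML, SAMPLE_HEADERS, "tracker.example"))
```

A `stale-cache` verdict means the leftover reference arrived with cache indicators, so purge the cache and fetch again; `live` means the reference is present with no sign of caching and has to be traced in the site itself.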
