Support » Plugins » [Plugin: WP Status Notifier] MALICIOUS PLUGIN: BEWARE

  • Beware of this plugin. The authors won’t say it in the wordpress official plugin page, but after a while you are using it it will add a link in your blogroll to their website. I did not realize this at first, but my customers did and it had a really BAD impact on my site’s image.
    Boo-hoo to I ask all their plugins get removed from

    To remove the malicious code just go to the plugin file and delete these lines:

    // Please do not delete this link to support the plugin
    	global $wpdb;
    	if($wpdb->get_var("SELECT COUNT(link_id) FROM $wpdb->links WHERE link_url=''")==0)
    		wp_insert_link(array('link_name' => 'WordPress Themes', 'link_url' => '', 'link_description' => 'Download Free WordPress Themes and Plugins' ));

    It is so sad and a shame to find this kind of people in a nice open source community like this.

    An advice to the authors: ask for donations or backlinks, do not do it the sneaky way. I will not download a single bit of code signed by you from now on. Think about this.

Viewing 13 replies - 1 through 13 (of 13 total)
  • Tosh


    Thanks for the heads up. That is sneaky and uncalled for.

    Ohh…I had a link which kept appearing in my blogroll. I had to hide it as deleting it wouldn’t work.
    I never considered that it could be down to a plug-in…

    I’ll have a look to find out which one it was.

    Thanks for that! =)

    Moderator Samuel Wood (Otto)

    (@otto42) Admin

    I’ve seen themes do similar nasty things.

    Nevertheless, I confirmed the behavior and reported the plugin.

    Phew! And I almost blamed my hosting company for a MySQL security breach!

    Does anyone know of another legitimate plugin which has the same funcionality?

    I see this was updated but no mention of if the code was removed. Working on removing this myself.

    Moderator Samuel Wood (Otto)

    (@otto42) Admin

    The code has still not been removed. Looks like they changed it to only add the link on plugin activation. I re-reported it, because it’s still spammy behavior. Also, their website ( is a trademark violation. See

    PROTIP: You can examine the source for any plugin in the Extend repository easily.

    See this URL?

    Note the name of it there is wp-status-notifier.

    Just add that onto this URL:

    And voila. Like so:

    I would say also try a plugin by peter, who does a ton of the plugins.
    this one works very well and I am using it.

    Otto42, thanks for letting people know!!!! I went with another plugin since as you pointed out it was not removed and it is suspect.

    Via #WordPress-dev meetups, WordPress is likely to be in process of enforcing plugin authors to not force links on sites that use their plugins.

    The rule hasn’t gone into effect yet, but hopefully it will soon and those plugins that don’t get updated, won’t be allowed in the plugin repo anymore.

    More news to come as more dev meetups occur.



    carnini writes:

    I would say also try a plugin by peter, who does a ton of the plugins.
    this one works very well and I am using it.

    I dumped the WP Status Notifier and installed that plugin. MUCH better plugin, and the note feature is so handy when it’s needed.

    Same deal. Noticed the spam link that got added. Boot this and any others that don’t comply. Now using Peter’s Collaboration E-mails plugin.

    Oh boy … after readng this I have really got scared. I thought WP must be checking the plugins listed here and they are safe. But it seems such plugin authors can really access our database username and passwords and play around with our data too. They can even hijack our blogs ! WP must do something to check this !

    James Hall


    I’m new to WP and installing the Easy Popular Posts plugin By Christopher Ross today and I found: Trojan-Spy.HTML.Fraud.gen while running the install link from a search in my Admin panel.

    It sure puts the WP Community in a bad light when WP controlls a directory of search results that they dont monitor for malicious activity, nor do they offer an easy way to report such files when found.

Viewing 13 replies - 1 through 13 (of 13 total)
  • The topic ‘[Plugin: WP Status Notifier] MALICIOUS PLUGIN: BEWARE’ is closed to new replies.