Warning from WordPress.org Plugins Team

This evening I have a banner notice at the top of my WordPress Dashboard, copied below. I have two plugins from Essential Plugin on my site: Popup Anything and WP Logo Showcase Responsive Slider and Carousel.

—-Important Notice from the WordPress.org Plugins Team.

We would like to inform you that several plugins from the author “essentialplugin” have been reported by the community as not compliant with the guidelines. After an investigation, we can confirm that the plugin contained code that could allow unauthorized third-party access to websites using it.

In response, we have taken immediate steps to close the plugin in the WordPress.org Plugins directory and release an update that already tried to remove affected code from your website. Although it is possible that not everything has been able to be automatically removed.

Specifically, this plugin downloaded code from analytics.essentialplugin.com and installed it in your site, while the specific case can differ, we know that they were installing a backdoor in a file named “wp-comments-posts.php” that looks closely to the core file “wp-comments-post.php”. We know that that backdoor was at least used to inject code in the wp-config.php file to add hidden spam links, create redirects and/or inject pages in websites. Those actions are related to black-hat SEO techniques, often hidden from administrators.

While our update attempted to remove the backdoor automatically, it cannot confirm that it was fully eliminated. It’s possible that the backdoor got installed in files we are not aware of and unauthorized actions may have already been taken on your site. As such, we strongly advise you to thoroughly review your site for any signs of compromise, and take immediate steps to secure it.