Fake SEO plugin infects 4,000 Wordpress Sites

Fake SEO plugin infects 4,000 Wordpress Sites
Jennifer Frye


Over 4,000 Wordpress sites have been infected with dangerous malware that disguises itself as an SEO plugin to attract unsuspecting webmasters. This isn’t the first time Wordpress has has this issue, though…Wordpress is a frequent target for hackers.

Why do hackers target WordPress specifically?

Well, Because it’s so popular. If you want to hack into a ton of websites for your own nefarious purposes, are you going to spend a ton of time trying to find vulnerabilities on a more unique platform used by 500 websites, or are you going to try to break the platform that has hundreds of millions of sites? Exactly. So because WordPress is so widely used, it’s an incredibly popular target for hackers.

The Malicious Wordpress SEO Plugin

The fake SEO plugin is called “WP-Base-SEO” and ias based on a legitimate SEO module, so it makes sense why it might be overlooked during security scans - it seems like a real, viable tool for marketers and webmasters hoping to give a boost to their website traffic.

But rather than legitimately helping your site’s SEO, what the plugin really does is create a backdoor into the victimized site and giving hackers access to your confidential information. According to SiteLock, the hackers are likely scanning the internet looking for outdated WP plugins.

Why would a hacker want to break into your site?

There are three big reasons:

  • They want to access your database and use it to send out spam email.
  • They want to gain access to your data, credit card information, etc.
  • They want to gain access to your site and cause it to download malicious software onto your end user’s machine or they want to install malicious software for use on your site.

Wordpress site’s are notorious for malware and security issues. Avoid these issues and keep your site and your information safe by hosting your website with Xynergy or hiring our dedicated full time team of developers to maintain your site’s security. Avoid these issues from happening all together by using a real team of SEO experts to manage your site's search engine optimization, rather than relying on faulty plugins. 


(source one) (source two)

Contact us for help with your Website Security.

  or Call 505-557-7780


Websites & Mobile Apps, WordPress, Security & Privacy, Search Engine Optimization - SEO