Another twist on what can happen if you don’t keep your plugins up to date: your website visitors can be redirected to a site that, at the least, will present them with spammy ads and, at worst, will attempt to infect their computers.
A recent article on the Sucuri blog reported on a plugin that was surrendered by its original author and taken over by other, legitimate, owners.
However, sites on which this plugin was installed, but where the website owners failed to update it, started redirecting their visitors to a spam server.
When the original author gave up their involvement with the plugin, it was taken over by others (legitimate, as I said) and moved to a domain owned by the new developers.
Except for those who didn’t update the plugin.
So what happened to those who didn’t update the plugin?
Domains that have lots of links going to them (as this one would have, given that it was the home of a successful plugin) are valuable – and so highly attractive to people who buy and sell domains for a living.
Between the purchase and sale of these domains, many of these people host them on a server and make money on them by placing ads.
Or placing malware on them to infect the computers of visitors.
What happened in the case of this plugin was that the original domain eventually expired and was bought by one of these domain traders, who hosted it on a server that was generating pop-ups.
The pop-ups attempted to lock the visitor’s browser and displayed a message asking the site visitor to call them (no doubt in order to carry out some form of ransom demand, but that’s only my assumption – it’s not stated in the Sucuri article).
The website owners had simply failed to apply the update.
The message for website owners is clear (as always!):
- Apply plugin updates as soon as they are available
- Apply theme updates as soon as they are available (the same thing as happened with this plugin can happen with themes)
- Apply WordPress updates as soon as they are available (I frequently read comments by people on forums saying they are going to wait for the x.x.1 release before updating WordPress)
- Remove from your server any application or software that is not necessary for the functioning of your website. A colleague recently discovered a PHP application on a customer’s server that enables you to change file paths in the WordPress database. A perfectly legitimate application but one that should be removed as soon as you’ve made the changes, not left for a hacker to exploit
- Only install plugins that are either premium or meet the criteria I set out on this page
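A check that goes with the list above, added here as an example and not taken from the Sucuri article or from any plugin: it lists every external host that the files under a plugins directory reference, so that a host you have not reviewed (such as a plugin's former home domain) stands out. It assumes the outdated plugin still points at the old domain by URL in its PHP, JS, HTML or CSS files; the function names and the reviewed-hosts file are hypothetical.

```python
import re
import sys
from collections import defaultdict
from pathlib import Path

# Host part of http://, https:// and quoted protocol-relative ("//host/...") URLs.
# The look-behind keeps ordinary "// comment" lines from being read as URLs.
URL_HOST = re.compile(r"""(?:https?:|(?<=["'(]))//([a-z0-9-]+(?:\.[a-z0-9-]+)+)""", re.I)
SCANNED = {".php", ".js", ".html", ".css"}  # file types that can load remote content


def external_hosts(plugins_dir, own_hosts=()):
    """Map each plugin folder to the sorted external hosts its files reference."""
    own = {h.lower() for h in own_hosts}
    found = defaultdict(set)
    root = Path(plugins_dir)
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in SCANNED:
            continue
        plugin = path.relative_to(root).parts[0]  # first path component = plugin
        text = path.read_text(encoding="utf-8", errors="replace")
        for host in URL_HOST.findall(text):
            host = host.lower()
            if host not in own:  # the site's own domain is not "external"
                found[plugin].add(host)
    return {plugin: sorted(hosts) for plugin, hosts in found.items()}


def unreviewed(report, reviewed_hosts):
    """Return (plugin, host) pairs whose host is not on the reviewed list."""
    ok = {h.lower() for h in reviewed_hosts}
    return sorted((p, h) for p, hosts in report.items() for h in hosts if h not in ok)


if __name__ == "__main__":
    # Usage: python plugin_hosts.py /path/to/wp-content/plugins reviewed_hosts.txt
    # reviewed_hosts.txt (hypothetical): one hostname per line that you have checked.
    plugins_dir, reviewed_file = sys.argv[1], sys.argv[2]
    reviewed = Path(reviewed_file).read_text(encoding="utf-8").split()
    for plugin, host in unreviewed(external_hosts(plugins_dir), reviewed):
        print(f"{plugin}: {host}")
```

The script only inventories hosts; who owns each domain today still has to be checked by hand, and a plugin that builds its URLs at run time will not show up.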