• Home
  • Domains
  • Internet & Tech
  • Security & Privacy
  • Google & Search
  • Editorial Praise
  • Contact

Strategic Revenue - Domain and Internet News

Internet news authored by John Colascione

Register Domain Names

  • Isn’t Print Dead?
  • Killer Acquisition
  • New gTLD Death
  • Reseller Business
  • Semantic Indexing
  • You’re A Loser
You are here: Home / Security Issues / Big Deal: Another Popular WordPress Plugin Purchased by Nefarious User

Big Deal: Another Popular WordPress Plugin Purchased by Nefarious User

December 19, 2017 By John Colascione Leave a Comment

*** Here Is A List Of Some Of The Best Domain Name Resources Available ***

Register Domain Names

NEW YORK – A few months ago in September, I wrote about a plugin (Display Widgets Plugin) which was sold to someone who used it to compromise over 200,000 websites as that’s about how many installs it had and sites it targeted with compromising intentions. Well, it was a big deal then and it’s an even bigger deal now because it has come to light that this same tactic of acquisition has been used yet again, with (Captcha Plugin) to compromise 300,000 sites.

According to WordFence (which has become so useful and important to me, I might not run WordPress sites without it), Captcha Plugin was released with an update that triggers a process that downloads a ZIP file, then extracts and installs itself including a newer version with a backdoor with control of the administrative user (ID 1), sets authentication cookies, and then deletes itself and all file system traces of the backdoor, making it look as if it was never there and helping avoid detection.

Moral of the Story: The Boogeyman is coming!

If you run a WordPress site – without taking security seriously, even if you do everything right, update all your plugins, periodically change your logins, etc… etc…. good chance a clever hacker or Nefarious user who bought their way into your network, is going to get you anyway – and it is just matter of time.

So you’ve got to be one step ahead of him.

If you are using a WordPress website, I recommend you install the WordFence Plugin and I also recommend you follow their blog by opting in for their newsletter updates which send you email notifications on the need-to-know threats they are seeing and in most cases, automatically fixing and keeping you safe from. I use their Free Version because I have several WordPress websites but their Premium Version is supposed to be better. I would like to see them release an owner-level premium version and better multi-license pricing.

New Threat to WordPress Sites Designed to Bypass All Ordinary Security Measures

John Colascione

About The Author: John Colascione is Chief Executive Officer of Internet Marketing Services Inc. He specializes in Website Monetization, is a Google AdWords Certified Professional, authored a ‘how to’ book called ”Mastering Your Website‘, and is a key player in several Internet related businesses through his search engine strategy brand Searchen Networks®

Filed Under: Security Issues Tagged With: Acquisition, Acquisitions, Administrative, Authentication, Automatically, Backdoor, Compromise, Compromised, Cookies, Digital Acquisitions, Extracts, File System, Free Version, Installs, Plugin, Plugins, Premium Version, Security Vulnerabilities, Tactic, Tactics, Widgets, WordFence, WordPress, WordPress Plugin, WordPress Plugins, ZIP

*** Here Is A List Of Some Of The Best Domain Name Resources Available ***

Register Domain Names

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Search This Site

by: John Colascione

John Colascione

Logo
John Colascione is Chief Executive of Internet Marketing Services Inc. He specializes in Website Monetization, authored a book called Mastering Your Website, and is a key player in several Internet businesses through his brand SEARCHEN®

The Published Reporter

The Published Reporter

Fellow Me

In The News

  • DNJournal: New Book From Veteran Domainer
  • From Brandable to Exact-Match Geo Domain
  • InnovateLI: Two Deals, One Very Interesting Digital
  • Internet Commerce Association: John Colascione
  • NamesCon: Featured Attendee: John Colascione
  • Long Island Media Inc, SmartCEO, Future 50
  • Speakers, Name Summit, John Colascione
  • Speakers, Real Estate Summit, John Colascione
  • 24 Leading Domain Experts Analyze 2017

Popular Stories

New gTLD? Not So Fast; History Suggests New ‘Right of the Dots’ Could = Total Failure

Could Domain Investing Industry End with Legal Provision for Domain “Hoarding”

Does the Domain Industry Suffer From Own Versions of Trumpted “Fake News” Stories?

Websites and Domain Names to Become Insignificant within 20 Years or Less

Why I Told My “New gTLD” Project to “Suck It” – Will Rebrand with King of all URLs

Quotes to Follow

quote icon The domain name is equivalent to Gold. It is the only packaged item which is globally tax-free, portable, with value that is universal across different cultures. quote icon – Frank Schilling

quote icon Domains have and will continue to go up in value faster than any other commodity ever known to man. quote icon – Rick Schwartz

quote icon  Google knows you, your friends, your likes, what entertains you, where you are in the world at any given time. Google will soon predict your next action, your next thought, based on a collaboration of thoughts past. quote icon – John Colascione

Like These Headlines?

Enter your email address:

Delivered by FeedBurner

T.L.D. Brokerage

Domain Brokers

Register Your Website Address

How Am I Supposed to Find A Good Domain Name When They Are Already All Gone?

SEDO Weekly Sales List Includes .Org Domain Sold at $36,523, .Me at $58,437

WEST PALM BEACH, FL – The domain name EditPad.org sold at $36,523 USD this week according to the latest SEDO.com weekly domain sales report. Also notable is .me domain name (country code … [Read More...]

Google Moves for More Control of World’s News with Major Google Play Update

WEST PALM BEACH, FL – Something remarkably interesting has been happening behind the scenes which very few have noticed, however, one firm who has not missed the quickly changing landscape, is … [Read More...]

Vulnerability In Official Facebook Chat Plugin Allowed Attackers to Chat With Site Visitors

WEST PALM BEACH, FL – At 3:47 PM today, the Threat Intelligence Team from WordFence, posted research detailing a vulnerability in The Official Facebook Chat Plugin, currently installed on over 80,000 … [Read More...]

Domaining blog recommended by Domaining.com Internet Commerce Association (ICA)
Copyright © 2010-2019 StrategicRevenue.com - Property of Internet Marketing Services Inc.   FeedBurner: RSS   RSS
By using this site you agree to our Terms of Service and Privacy Policy. If you do not agree, please exit the service.