Are you aware there are dangerous WordPress plugins?

You have to be very careful when installing plugins EVEN if it has great reviews because there are Dangerous WordPress Plugins out thereDangerous WordPress Plugins.

I was just made aware that this plugin called 404 to 301 inserts a block of text on your site’s home page which then inserts spammy links on your site. You can’t see it, but Google& Bing can when they crawl your site.

This company that realized what was going on only found it by chance when a piece of software they ran took a screenshot of their site.

You may think they are breaking the law because you certainly didn’t agree to this, but unfortunately you would be wrong. They covertly insert text into their terms & conditions before you even install the dangerous WordPress plugin. It’s way at the bottom & like most people, no one ever reads every term & condition page.

Here’s what it says:

Third Party Text Links

Third party text networks supply text for display in 404 to 301. These networks may collect your visitors’ IP addresses, in native or hashed forms, for purposes of controlling the distribution of text links. 404 to 301 collects anonymous aggregated usage statistics.

By clicking the button here below, you agree to the terms and conditions and give permission to place text links on your website when search engine crawlers access it. Your website’s layout, performance and interaction with human visitors should not be altered or affected in any way. Please note that this feature can be deactivated at any time under 404 to 301 Setting > Help & Info > Plugin Information > Disable UAN, without affecting any other feature available in 404 to 301.

404 to 301 – Copyright © 2016.”

The two developers are:

Joel James & The Foxe
both from Kerala, India
Their site: https://thefoxe.com/

 

One Response to “Dangerous WordPress Plugins”

  1. Michelle Says:

    Here is another WordPress plugin that has been cited as being dangerous.

    It’s called W3 Cache which was once a VERY well known plugin. It has a high risk XSS vulnerability because it hasn’t been upgraded since 2014.

    An XSS vulnerability allows malicious code to be placed on your site so the content is changed, and when a visitor arrives there, the browser triggers the hack via an executable.

Leave a Reply

You must be logged in to post a comment.