Today we are publishing the third post in our investigative series covering the spam activity that started with the Display Widgets plugin and expanded into a much larger story.
The story started Tuesday last week when we identified a backdoor that had been added to the Display Widgets WordPress plugin to publish unauthorized content on any website.
Then last Wednesday we revealed the person behind the backdoor and spam that was being injected into Display Widgets.
We spent another week investigating this story and today we have published a detailed post that reveals the following:
- There are a total of 9 WordPress plugins that were all targeted by the same spam operation that targeted Display Widgets.
- The 404 to 301 plugin spam we wrote about in August of last year is directly connected to the same spammer.
- Backdoors of various types were added to these plugins, including one of the most popular WordPress plugins.
- A total of four plugins were involved in financial transactions that we have connected back to our original spammer.
- The operation started in 2013 and continued up to this month, September 2017.
Over the past week we have compiled this story through interviews with the WordPress plugin authors affected and the investigative work of our team.
Wordfence Founder & CEO