Want a supercharged WordPress Site?

Just be careful what you wish for.

It appears that a plug-in called ToolsPack which claims to “Supercharge your WordPress site with powerful features…”  is actually a back door that allows hackers to run any command they want on your site.

The plug-in has recently been appearing in sites that have been hacked in other ways, hiding in plain site as a plug-in, hoping users will ignore it as genuine and therefore allowing full access to your site data at any time.

It you see this plug-in installed in your site, un-install it and then do all the usual review of your site to find any weaknesses – further information can be found here or your nearest friendly developer!

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This entry was posted by Paul Sayer in Security.