Finally fixed – WordPress SEO Plugin Risk

So as a few people probably noticed, for a while this site redirected to somewhere rather unsavory if you were unfortunate enough to browse from a mobile.

This will no longer be a problem; however, I feel that I should note the particular SEO plugin which was exploited to allow these hacks.

I should also note I’ve been receiving a lot of brute force attacks recently, which is to be expected I suppose for someone who works in iGaming SEO, but still somewhat annoying.

It seems WordPress SEO is at fault. I know this has come to light recently (about a month ago), but seeing as I’d been having problems with the redirects for about 6 months prior to this plugin being flagged, I figured it wasn’t an issue.

I also figured that with the latest update my site would be safe. I was wrong. The funny thing about this is, if it wasn’t for the fact that all of the site posts and pages now 404’d and that I had some securi warnings about a brute force attack (separate issue), I probably wouldn’t have noticed for a few weeks.

It’s not like I update this site too often or check the analytics/rankings as it’s more of a personal archive than anything.

Now the interesting thing is that I believe this plugin has been exploited twice now, the first time with the intention of redirecting traffic. This is a relatively easily explainable crime and one I put down to just being unlucky.

The more recent one, however, seems to have been done to turn all of my posts into 404 pages; they were still in the admin panel, and the shortened versions still displayed in their respective categories, the home page etc. Now that is something that is a bit more malicious, as there is nothing to gain there unless you want my site to stop ranking for something you want to rank for.

It’s also not like it ranks for anything particularly important, except for one particular term which may get some interest. That of course is iGaming SEO. Although as I’m sure most of the people ranking near the top for that page will tell you (I was one for a long time – and I was at BC now number one as head of the iGaming dept for a long time as well) it doesn’t really generate any leads anyway.

So, basically, if anyone is in even a remotely competitive and commercial field, it appears that pretty much every Tom, Dick and Harry is smart enough to exploit this plugin. So get rid of it; don’t hope for updates to fix it.

Oh, and as I’m pretty much 100% sure who’s done this, prepare to see some interesting Negative SEO case studies in the coming weeks.

This entry was posted in Mike Litson.
