More threads by djbaxter


Jun 28, 2012
Reaction score
Three Plugins Backdoored in Supply Chain Attack
by Dan Moen ,
December 27, 2017

In the last two weeks, the repository has closed three plugins because they contained content-injection backdoors. ?Closing? a plugin means that it is no longer available for download from the repository, and will not show up in search results. Each of them had been purchased in the previous six months as part of the same supply chain attack, with the goal of injecting SEO spam into the sites running the plugins.

Duplicate Page and Post

Active Installs: 50,000+
Current Owner: pluginsforwp (joined July 10, 2017)
Sold Date: August 2017
Removed from date: December 14, 2017
The original plugin author responded to our request for information on the sale of the plugin, confirming that they did indeed sell the plugin to a person named Daley Tias in the summer of 2017. However, we were unable to find any record of a person name Daley Tias online. The original plugin author has not shared the purchase solicitation message with us at the time of this writing.

No Follow All External Links

Active Installs: 9,000+
Current Owner: gearpressstudio (joined March 17, 2017)
A company called Orb Online in West Sussex, UK made the payment for the plugin. A quick Google search leads us to their website: ?Orb Online is a UK based digital marketing agency, specialising in SEO, eCommerce and Magento web development.?

WP No External Links

Active Installs: 30,000+
Current Owner: steamerdevelopment (joined June 29, 2017)
The same person (or alias), Daley Tias, purchased both the Duplication Page and Post and WP No External Links plugins. Payment was received from Orb Online, with contact email address of This is also the same company that paid for the No Follow All External Links plugin.


Login / Register

Already a member?   LOG IN
Not a member yet?   REGISTER

LocalU Event

LocalU - Level Up Your Content Marketing Game with AI

  Promoted Posts

New advertising option: A review of your product or service posted by a Sterling Sky employee. This will also be shared on the Sterling Sky & LSF Twitter accounts, our Facebook group, LinkedIn, and both newsletters. More...
Top Bottom