I have had a lucky escape with the BlogPressSEO WordPress Plugin. I have just found out it was malware! I had it installed on 3 blogs too.
I installed this plugin about a year ago. I can’t remember exactly how I came by it but I must have been convinced that it was going to help my blogs with SEO. There was a free version and a paid version but I had the free version.
Just recently I started having some problems with the text captcha plugin on this blog and I also noticed that I was getting this error text at the bottom of my blog posts.
The requested URL /link_files/UNUP8J2AIMYF61LBCDA8-2429.hwe was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/22.214.171.12435 Server at 24365online.com Port 80
At first I thought it was a problem with the captcha plugin but then I noticed that I had the problem on all three of my blogs and I only had the captcha plugin on this blog.
So, I thought it must be a problem with my server but initially Hostgator could not find anything wrong. They were very helpful checking out plugins that caused something to appear at the end of my posts like the share plugins but I was not using the same one on all 3 blogs.
Finally, one of the Hostgator guys decided to run a malware scan on my blog and hey presto came up with the BlogPressSeo Plugin.
When I went to the plugin’s page from inside my blog I discovered that the website no longer existed. Then, through an internet search for the plugin, I discovered that internet marketers had been posting warnings about this plugin for months.
According to the posts the plugin author had included some code that allowed him to get the blog’s URL and admin email address of the blogs it was installed on. This allowed anyone who knew that to login without a password. Fortunately no damage seems to have been done to my blogs.
It seems that the plugin wasn’t doing anything for my SEO at all. It claimed to build backlinks to posts from other blogs with similar content which they say is impossible. ( I have seen some of these advertised though which I will have to investigate) .
So dear reader, I write this as a warning. It pays to do some research before downloading any WordPress Plugins unless it is on WordPress’s own free plugin site.
Bloggers were saying that the BlogPressSEO plugin would never have got onto WordPress’s plugin directory because of the code that the author included.
I have learned a lesson and had a very lucky escape. Have you had any plugin disasters? Share your experiences in the comments.