Malicious Plugins – Bozos Gonna Bozo

Hey All,

The Bozos have a new trick for making money and causing grief for WordPress sites – buying a plugin and then inserting ads or malware in it. Yay for their ongoing creativity. It’s a shame they can’t put this energy toward doing something useful.

Today’s affected plugin is one of our favorites – Fast Secure Contact Form. Which is a bummer since it has been fantastic for years. (As an aside, if you like a plugin, please kick a few $ towards the developers, so they keep working on it, and aren’t as tempted to sell them to less honorable folk.)

In short, the original developer sold the plugin, the new owner attempted to put malicious code in several of his newly acquired WordPress plugins which would connect to a server he owned and inject spam ads in the site’s posts.

Read more here:

This is exactly what happened with the Display Widgets plugin a while back.

For all sites using Fast Secure Contact Form installed (including ours), we’re going to make sure everyone is updated to the last known good version. Same for Secure reCAPTCHA (which we don’t use).

In TS news, we’ve been doing lots of HTTPS site conversions for sites wanting to comply with Google’s newest recommendations. (This will be the subject of our next post.)

Our new CDN servers are in place and serving static content for high traffic sites. So far this month, they’ve handled about 40TB of traffic – including one post which went extremely viral & has had over 11 MILLION views in a little over a week.  We’ll be adding more sites to it, and more CDN servers in more locations as we go.

And, best of all, the TS family has grown. Please extend a warm welcome to our new tech Shawn. Yay!

Thanks for reading, and for recommending us for hosting as often as you do. We very much appreciate it, and wouldn’t be here without you.