Wordfence, the security plugin that I use on my WordPress installations just published their investigation covering the spam activity that started with the Display Widgets plugin and expanded to a much larger story.
The story started Tuesday last week when they identified a backdoor that had been added to the Display Widgets WordPress plugin to publish unauthorized content on any website.
Then last Wednesday they revealed the person behind the backdoor and spam that was being injected into Display Widgets.
They spent another week investigating this story and today published a detailed post that reveals the following:
• There are a total of 9 WordPress plugins that were all targeted by the same spam operation that targeted Display Widgets.
• The 404 to 301 plugin spam we wrote about in August of last year is directly connected to the same spammer.
• Backdoors of various types were added to these plugins including one of the most popular WordPress plugins.
• A total of four plugins were involved in financial transactions that we have connected back to our original spammer.
• The operation started in 2013 and continued up to this month, September 2017.