While checking my tweets I came across this bit of info. Apparently there’s a new WordPress SEO plugin that contains malware.
The site: http://blogpressseo.com/
Articles: http://yoast.com/blogpress-seo-plugin-spam/ and http://mtekk.us/archives/enemy-of-the-spammers/blogpress-seo-malware/
So stay away from this crap. There are plenty of sophisticated SEO plugins for WP.
One of the things I liked about phpBB MODs was that they were vetted - code checked and tested in a vanilla install. It meant a delay between submitting and approval but it did provide a measure of security.
I don’t think the WordPress Extend repository takes the same safeguards, but any plugin that isn’t hosted there should be checked even more carefully before installing it IMHO.
Was this really in the WordPress Extend? I can only find the hack to disable it now but was it listed? I assumed plugins are approved before published in there.
It’s good to see how fast it was neutralized though.