Plugin author recognizes mistake, fixes plugin

Aug 17, 2016 18:40 GMT  ·  By

Authors of the 404 to 301 WordPress plugin have hijacked the content of other websites by showing SEO spam on their homepages, most of the illegally displayed content being ads for payday loan services.

The 404 to 301 WordPress plugin is, at least in theory, a very useful plugin for site owners: when a visitor lands on a former website page (one that would otherwise return a 404 error), it answers with an HTTP 301 permanent redirect that sends them to the site's homepage.

Because 404 errors hurt rankings in search results, the plugin is useful for people who care about SEO.

WordPress plugin delivered payday loan ads to search engine crawlers

According to WordFence, a company that provides security products and services for WordPress website owners, the plugin abused the trust its users placed in it and secretly injected code into their sites that loaded ads, usually right under the main navigation menu.

These ads were basic SEO spam, cloaked so that they showed up only for Google's search crawler and not for regular visitors.
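A simple way for a site owner to check for this kind of cloaking is to request a page twice, once as a browser and once announcing a crawler User-Agent, and report any links that appear only in the crawler copy. The following script is an added example, not code from the article or from WordFence; the user-agent strings, the sample pages and the loans.example link are constructed for the demonstration.

```python
import urllib.request
from html.parser import HTMLParser

# Two User-Agent strings: a normal browser and what Google's crawler announces.
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/48.0"
GOOGLEBOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

class LinkExtractor(HTMLParser):
    """Collect (href, anchor text) pairs from a page."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def extract_links(html):
    parser = LinkExtractor()
    parser.feed(html)
    return parser.links

def cloaked_links(browser_html, crawler_html):
    """Links present only in the copy served to the crawler: the cloaking signature."""
    browser_links = set(extract_links(browser_html))
    return [link for link in extract_links(crawler_html) if link not in browser_links]

def fetch(url, user_agent):
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=20) as resp:
        return resp.read().decode("utf-8", errors="replace")

def check_site(url):
    """Fetch your own page twice and report links shown only to the crawler."""
    return cloaked_links(fetch(url, BROWSER_UA), fetch(url, GOOGLEBOT_UA))

# Constructed sample pages: the crawler copy carries an extra block under the nav.
NAV = '<nav><a href="/">Home</a><a href="/about">About</a></nav>'
BROWSER_PAGE = f"<html><body>{NAV}<p>Welcome</p></body></html>"
CRAWLER_PAGE = f'<html><body>{NAV}<div><a href="http://loans.example/">payday loans</a></div><p>Welcome</p></body></html>'

if __name__ == "__main__":
    for href, text in cloaked_links(BROWSER_PAGE, CRAWLER_PAGE):
        print(f"crawler-only link: {text!r} -> {href}")
```

This only catches cloaking keyed on the User-Agent header; code that decides based on the visitor's IP address (as the license text below mentions) will serve the browser copy to both requests, so Google Search Console's URL inspection or a fetch from a real crawler IP remains the authoritative check.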

It was one of WordFence's customers who first detected this behavior when he couldn't figure out why his company's website featured a dodgy description in Google's search results.

WordFence investigated the case and notified both the plugin author and the WordPress security team in charge of the WordPress Plugins Directory.

Rogue plugin returns to the Light side of the Force

In normal circumstances, the plugin would have been removed, but its author removed the code responsible for the shady behavior three hours before this article's publication.

The plugin has over 70,000 active installs and a 4.5-star rating from its users. The latest version, 2.3.0, is safe to use, but the plugin's reputation has already taken a huge blow.

According to WordFence, the plugin's author took the liberty of hijacking other people's sites after he added the following text to the plugin's license agreement, in the Third Party Text Links section.

  Third party text networks supply text for display in 404 to 301. These networks may collect your visitors’ IP addresses, in native or hashed forms, for purposes of controlling the distribution of text links. 404 to 301 collects anonymous aggregated usage statistics. By clicking the button here below, you agree to the terms and conditions and give permission to place text links on your website when search engine crawlers access it.