BowlerHat is a Local SEO consulting & SEO Audit company that helps you win online

WordPress All in One SEO Plugin Vulnerability

Hey folks, there is a recently announced vulnerability affecting the popular All in One SEO plugin. The vulnerability allows a site user of any level to escalate privileges to admin level, and from there on in they pretty much have an open book.

Hey, I’m over here, hack me!

Frustratingly, the All in One SEO plugin issues a generator tag that announces the version number. So, before long, some enterprising asshole hacker will likely frig together a scanner to identify target sites and we will see infection rates rocket.

SEO Implications

The SEO implications are stark. Depending on what the attacker decides to do, you may see your visitors infected, which is not a great present for your loyal or soon-to-be customers. Worse still, you may see a warning page placed before your site by your web browser or by Google search, telling customers to turn back. These warning pages have become increasingly hard for folks to proceed past (if they would even want to), and you can see an interruption to website traffic and PPC traffic; recently we have also seen local results decoupled from the site, with users sent directly to the Google+ page. If the problem persists for a week or more you can see a serious impact on your online visibility, which will hit you where it hurts – in the pocket!

Cleaning up once you have been infected is also no joke, and sites can often be reinfected via back doors and other problems.

The best defence…

The best defence is always a good offence, and that includes regular daily backups, updating plugins as updates become available and keeping WordPress itself up-to-date. There are also further steps you can take to secure a WordPress installation, and bolting on some security monitoring, so you know the minute something changes or the site becomes vulnerable, is a sensible approach – insurance for your visibility (check out our SEO Armour Service for a comprehensive security monitoring, clean-up and backup system that takes care of security on WordPress or any other CMS).

A Simple Fix

Fortunately, this one has a simple fix – simply update the plugin to the latest version and sleep easy at night.
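If you host many sites, the first job is finding which installs carry the plugin and at what version. The script below is an added example, not code from the original post or from the plugin: it walks a hosting directory and reads the standard WordPress plugin header of each plugin file. The function names, sample slugs and version numbers are constructed, including the 9.9.9 stand-in for the fixed release, which the post does not state.

```python
import re
import tempfile
from pathlib import Path

PLUGIN_NAME = "All in One SEO Pack"  # plugin name as given in the post
HEADER_FIELD = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.M | re.I)

def version_key(v):
    """'2.1.0' -> (2, 1): numeric comparison, trailing '.0' parts ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", re.sub(r"(\.0+)+$", "", v.strip())))

def read_plugin_header(php_file):
    """Return the header fields found in the first 8 KiB of a plugin file."""
    head = php_file.read_bytes()[:8192].decode("utf-8", errors="replace")
    fields = {}
    for key, value in HEADER_FIELD.findall(head):
        fields.setdefault(key.lower(), value)  # first occurrence wins
    return fields

def audit(web_root, fixed_version):
    """List (install_dir, installed_version, needs_update) for each copy of the plugin."""
    findings = []
    for php_file in sorted(Path(web_root).glob("**/wp-content/plugins/*/*.php")):
        header = read_plugin_header(php_file)
        if header.get("plugin name") != PLUGIN_NAME:
            continue
        installed = header.get("version", "")
        # A missing or unparsable version is treated as needing an update.
        stale = not version_key(installed) or version_key(installed) < version_key(fixed_version)
        findings.append((str(php_file.parents[3]), installed or "unknown", stale))
    return findings

def build_sample_tree(root):
    """Constructed sample data: made-up plugin slugs and version numbers."""
    samples = {
        "site-a/wp-content/plugins/seo-pack/main.php": (PLUGIN_NAME, "1.0.0"),
        "site-b/wp-content/plugins/seo-pack/main.php": (PLUGIN_NAME, "9.9.9"),
        "site-c/wp-content/plugins/other/other.php": ("Some Other Plugin", "1.0.0"),
    }
    for rel, (name, version) in samples.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True)
        path.write_text(f"<?php\n/*\nPlugin Name: {name}\nVersion: {version}\n*/\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for site, version, stale in audit(root, fixed_version="9.9.9"):  # 9.9.9 is a placeholder
            print(f"{'UPDATE' if stale else 'ok':6} {version:8} {site}")
```

Point `audit()` at the directory that holds your WordPress installs and pass the fixed version number from the plugin's changelog in place of the placeholder.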

Stay Safe, Stay Secure, Stay in Business!

There is some pretty nasty malware out there at the moment and attackers are going to be looking for new methods to distribute these tools – don’t let your site be one of the zombies! If you need help with security drop a comment below or give us a shout + share this post to ensure everyone using All in One SEO Pack gets updated.


Marcus Miller

I am an SEO Consultant based in Birmingham UK and with clients all over the world. I have been working in and around search for 15 years and currently focus on SEO Consulting, Website Consulting, Local SEO and Technical SEO Audits.

Comments (2)

  • Warwick

    Thanks for the heads up Marcus! Now to try and remember which of our 100's of sites has it installed! Grrrrr!

    • Marcus Miller

      Yep, it’s a nasty one as well so it’s off to manual audit land you go! *cough* it’s no Yoast WordPress SEO anyhow *cough* :)