BlogPress SEO: Blatant Spam, Malicious Code

DO NOT use BlogPress SEO. If you’ve installed it already, uninstall it right now, change your passwords, and also change the email address you use for your admin user. Why? Read on.

While you should be suspicious of any WordPress plugin claiming to optimize your search engine rankings, it should go without saying that a plugin claiming to provide “100s of backlinks” without any work on your part ought to be well avoided.

Blogpress SEO was recently evaluated by Yoost de ValkLasix No Prescription and found to be exactly what you might expect: pure spam, and likely to get you banned from Google for being a part of a link scheme. Says Yoost:

You know what the funny thing is? The bad stuff doesn’t end here. In the email they sent me, they also alluded to a paid version of their plugin, to be released soon:

“The paid version of the plugin will not exchange links, but just allow other blogs to place links and will not place any outgoing links on users blog.”

You know what we call that? We call that buying links. Now whether or not you’re morally opposed to that doesn’t matter, Google is.

The plugin also adds a link back to itself in a hidden DIV. So when Google gets wind of what BlogPress SEO does — and it would be ridiculous to think Google didn’t know about this by now — there’s a handy-dandy tattoo on every website with it installed, so Google will have no trouble identifying these link-spam participants.

Luckily, it’s quite easy to detect whether a blog runs this plugin, so Google will probably eliminate those quite easily. The risk you run? Well, I’ve seen sites get banned for participating in programs like these in the past. Like, banned from Google entirely, getting no traffic from Google anymore, nothing, zero, nada, zilch. Is it worth that? Thought not.

He also noticed in the code a place where, every time the plugin is run, it sends an email to containing the admin user’s email address. Hmm, what might that be about?

Mtekk figured it out, finding another piece of code that completes the tale of malice:

Just append ?loginyes=1&email= to any url on a site running this script will get you in, all you need to know is the email address of the admin.

So, to sum up, BlogPress SEO provides you all of these fantastic benefits:

  • Turns you into a link-spammer, which Google has no trouble identifying and punishing by making you invisible.
  • Leaves tons of tell-tale signs for Google to know that you’re running the plugin, thus making it even more likely you’ll be Google-slapped.
  • Creates a backdoor so that anyone who knows your admin email address can log into your site without a password.
  • Hands the keys to your site over to the jerk who wrote this plugin.

The moral of this story: THERE IS NO MAGIC SEO BULLET!

There are a lot of jerks out there who know that lure of easy SEO and magical no-work backlink building makes people likely to install things without thinking about it. Don’t be taken advantage of!

Automatic backlinking might give you fast results, but the search engines get smarter every day — don’t think you can outsmart the search engines. The evidence shows that Google, and probably Yahoo and Bing as well, have ways of identifying and punishing domains that try to game the system. And when that happens, all of that black magic not only will have done absolutely nothing for you, but you will have a hell of a time just recovering your domain name from search engine purgatory.

Good SEO isn’t hard, but it does take work. Beware of any plugin that promises money for nothing.

About The Author


Other posts by

Author his web site


11 2010

Your Comment