WordPress users are becoming increasingly more aware of security threats and as a result they are taking more actions to secure their websites (e.g. by installing security plugins). While this is a good thing, there are always black hats trying to take an advantage of new opportunities to compromise websites. For example, we’re seeing a rising number of fake plugins claiming to offer security, when in reality they have malicious intentions.
Recently, a fake WordPress security plugin called X-WP-SPAM-SHIELD-PRO got our attention.