It’s an easy mistake to make. You need a plugin. You Google it, find one, download it and unknowingly install malicious code on your WordPress site. Hackers now have a ‘back door’ and can essentially do whatever they please with your site. And you will most likely be unaware that anything is wrong. For a while at least.
It’s not only inconvenient to have to get someone to clean up your hacked WordPress site, if you don’t have proper backups, it may be impossible. In either case it will cost you money and damage your online reputation.
Check out the post I’ve linked to in the tweet below.
Great post from @sucuri_security "Unmasking “Free” Premium WordPress Plugins" http://t.co/ijFrEZQUrJ
— Rob Edwards (@lifeformnz) May 11, 2014