I’m really happy to report that I’ve never used any of the plugins mentioned in this report on my sites or any of my clients’ sites.
Thanks to WordFence for all the hard work they do investigating things like this. As the WP ecosystem grows, there are more people looking to swindle and make a cheap buck (or cause a cheap disruption) using WordPress sites as their launchpad, and it’s good to know folks like those at WordFence have our collective backs.
People targeting a technology is an issue with any and every tech platform, really. From Android to Windows to Linux to Bitcoin, and even precious Apple. It’s not unique to WordPress. But what is unique to WordPress are the millions of users and developers in the open source community that are dedicated to making sure WP is a safe and solid platform, and that scammers, spammers, and malicious malcontents are identified, frustrated, and ultimately squashed.* Hats off to all of them for helping to cut the legs off of schemes like this one.
(*I realize that other technologies, like Linux, also have large open source communities looking out for the user community. I’m simply saying WP’s community is better. ;-) Come at me, Linux people!! I’m ready!!!**)
(**Please don’t actually come at me, Linux people. I’m really not very ready. I’m in the middle of a move, I’ve got a lot of organizing to do…you know how it is.)