A 13-year WordPress supply-chain operation under the SiteGuarding brand (legal entity SafetyBis Limited, Cyprus, dissolved 2016 — operation continued anyway). Started as a 27-plugin overt portfolio under @siteguarding (closed by wp.org in 2020 for guideline violations); pivoted to anonymous burner accounts (@lulub5592, @dalielsam) that wp.org closed in April 2026. Same backdoor codebase across all three phases — currently shipping siteguarding_tools.php v2.4 from a still-live C2.
Two distinct supply-chain attack chains in a single 6,000-install plugin, both operated by SiteGuarding (siteguarding.com) through two anonymous wp.org committer accounts. wp.org Plugin Review Team (PRT, plugin-master) closed the plugin on…
Attacker-controlled side-channel update endpoint shipped under the cover of "license validation" — same operator (SiteGuarding) and same sibling-plugin pair as audit #25 (wp-advanced-math-captcha). Where the wp-advanced-math-captcha audit …
SiteGuarding 27-plugin portfolio (2013-2020) — 15 plugins shipped siteguarding_tools.php v1.7 RCE backdoor INLINE in the plugin folder; 12 sibling plugins shipped phone-home guideline violations. wp.org closed all 27 in May-June 2020. Oper…