Two days ago i setup Wordpress Blog. I activate some plugins these plugin are mainly security related. Now i am getting spam comments and these are like flood of spam comments. I hasn't given this link to anybody yet. Only submit sitemap to search engine (google,yahoo,Bing) and i don't think anyone can find that blog yet from search engines. Now i am wondering, Is it possible that one or all of these plugin communicate between my blog and spammer? If yes this mean creator of these highly recommended plugins spamming the blog as his plugin tell him about my blog at which it is active.
It is possible that the plugin is the leak for your site getting out. Many Wordpress themes and plugins have links and other malicious code hidden in them, so you have to be careful about what you install on your site.
This is what i am doing but it not possible to see every comment. You see when i was editing my template i got 25 spam comments and these were coming. My blog is not index in Google yet so i don't care about these comments and delete at once. But when i will started to get real visitors comments it could be problem. Now can anyone help me to identify these malicious code in these plugins. I downloaded these from word-press and i think these should be clean. Otherwise wordpress will ban those plugins. But here i want to know how those malicious script look like so i can identify those code in plugins.