WordPress is an open community and practically anyone can develop plugins or themes for it. However, there are several shady plugins for WordPress out there which you might as well stay away from.
One such plugin is called BlogPress SEO, which promises users hundreds of backlinks once you install it. However, don’t fall for it, it is a trap and will expose your login information to the developer of the plugin and will allow them to automatically login to your blog.
There are couple of blog posts from Yoast and Mtekk which expose the big problems with this plugin. First of all, this plugin stealthily emails your admin email address to the author of the plugin. The second and bigger problem is that, the plugin has a function which allows the plugin author to bypass the WordPress login.
Yes, you read it right, the plugin first emails your admin email to the author and then allows him to login to your WordPress admin without a password. Scary right.
If you have installed the BlogPress SEO plugin, you have to do two things. First of, deactivate the plugin ASAP. Secondly, change your admin email address. Changing your password will do no good. Thirdly, only install plugins which are available in the WordPress repository as they are safe.