Malicious Code to Publish Spam on WP Sites

This entry was posted in Wordfence, WordPress Security on September 12, 2017 by Mark Maunder

Time to check your WordPress Plugins again…..
If you have the “Display Widgets” plugin on any of your WordPress websites, Nevada Website Design has learned from WordFence to emove it immediately. The most recent three updates and releases of the plugin have been found to have code that allows the plugin’s author to publish any content on your site….known as a “backdoor”.

The plugin’s acthors have been using the backdoor strategy to publish spam content to websites that have the plugin installed. During the past three months the “Display Widgets” plugin has been removed and readmitted to the WordPress.org plugin repository a total of four times. The plugin is used by approximately 200,000 WordPress websites, according to WordPress repository.

The Wordfence Blog warning post suggests immediately removing the plugin and other plugins that come up with a warning during a scan that says “this plugin has been removed from the WordPress repository”. If you have WordFence installed on your WordPress site or sites, with email notifications enabled, you would have been warned several times over the past few months that this plugin has been removed with a ‘critical’ level warning.

Remember, Nevada Website Design suggests you keep your website updated in order to help prevent hack attacks and malware injection.

If you are not a current client of Nevada Website Design, please contact us to learn how we can help improve your website performance, increase traffic to your website, and improve your search engine and mobile ranking.

And remember, too, that if you get a call from someone saying they are “Google”, get their number and do some research. Google does no soliciting!
There are some outfits calling themselves “Google Partners”. Don’t invest in a company that you don’t know or haven’t done research on….you will most likely be sorry.

Skip to content