Display Widgets is a well-known plugin used by over 200,000 sites, but it has recently been removed from the official plugin directory because it was deemed to contain malware.
In this issue, we will explain the problem and how to deal with it.

How the malware distribution by Display Widgets happened

In mid-June 2017, Display Widgets was sold by the author to another company for the rights to the plugin, which was then controlled by a user calling himself displaywidget.
That same month, David Law posts on the Forum that he suspects the plugin is collecting and transmitting large amounts of server information, including IP addresses, to external parties, and the plugin’s code is suddenly removed from repositories (code sharing sites).
In late June 2017, Display Widgets version 2.6.1 was released with a version containing malware called geolocation.php (code that can tamper with sites), but no one noticed this for a while, and users updating A number of users updated their sites, and a large number of sites were affected by the defacement.
In late July 2017 wordpress.org stops publishing the official directory of plugins.

What should I do if I have Display Widgets installed?

Currently Display Widgets has been removed from the official directory and cannot be updated.
If you are using Display Widgets version 2.6.1 to 2.6.9, it is very dangerous.

Download a clean version of Display Widgets here

After downloading the file, unzip it, use FTP software to delete the display-widget folder in the wp-contents/plugins folder of your current site, upload the unzipped file, and replace it.

Related Posts:

  1. WordPress Examples of redirect hacks where WordPress WordPress redirects to another site without permission and how to deal with them.
    Recently, there have been an increasing number of cases where sites have been tampered with, redirecting users to a fake Windows virus removal page or PC repair page only when accessing the site via Google. In this issue, we will deliver an explanation of this case and countermeasures....
  2. More attacks against vulnerabilities in the plugin Duplicator
    Duplicator, a plugin deployed on millions of sites that allows users to migrate, copy, move, clone, and create backups of WordPress sites, is vulnerable in versions 1.3.26 and below....
  3. What is Japanese SEO Spam, a type of WordPress malware?
    We will explain about Japanese SEO Spam, which is a malware that embeds fake Japanese product sites in WordPress....
  4. Be careful if the incorrect WordPress plugin Core Stab,Task Controller is in the plugin list!
    We will explain a new type of malware called Core Stab (core-stab) or Task Controller (task-controller), which is often found on the websites of our clients who request our malware removal services....
  5. Most Targeted Plugin Vulnerabilities in WordPress, November 2020 Edition
    WordPress Doctor is pleased to inform you of the commonly targeted plugin vulnerabilities in WordPress as of November 2020 that we detect on a daily basis....
  6. Learn how hackers rewrite (alter) files on your WordPress site to increase security!
    As convenience and site functionality increases with the improved capabilities of programs on servers, not just WordPress, tampering with files on servers has become a major problem. In this article, we will explain how hackers rewrite WordPress files and consider ways to improve security....