Display Widgets is a well-known plugin used by over 200,000 sites, but it has recently been removed from the official plugin directory because it was deemed to contain malware.
In this issue, we will explain the problem and how to deal with it.
How the malware distribution by Display Widgets happened
In mid-June 2017, the original author sold the rights to Display Widgets to another company, after which the plugin was controlled by a user calling himself displaywidget.
That same month, David Law posted on the forum that he suspected the plugin was collecting and transmitting large amounts of server information, including IP addresses, to external parties, and the plugin's code was suddenly removed from repositories (code-sharing sites).
In late June 2017, Display Widgets version 2.6.1 was released containing a malicious file called geolocation.php (code that can tamper with sites). Nobody noticed this for a while; a number of users updated their sites, and a large number of sites were affected by the defacement.
In late July 2017, wordpress.org stopped publishing the plugin in the official plugin directory.
What should I do if I have Display Widgets installed?
Currently Display Widgets has been removed from the official directory and cannot be updated.
If you are using Display Widgets version 2.6.1 to 2.6.9, your site is at serious risk.
Download a clean version of Display Widgets here
After downloading the file, unzip it, use FTP software to delete the display-widgets folder from your site's wp-content/plugins folder, then upload the unzipped folder in its place.
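As an added check (not part of the original post), the following shell script flags an install that is in the affected 2.6.1 to 2.6.9 range or that still carries the geolocation.php file; it assumes the plugin lives in wp-content/plugins/display-widgets and declares its version in the header of display-widgets.php.

```shell
#!/bin/sh
# Added example: detect the affected Display Widgets versions (2.6.1 to 2.6.9)
# and the malicious geolocation.php file in a WordPress install.
# Assumption: the plugin is installed under <plugins>/display-widgets and its
# main file display-widgets.php carries the standard "Version:" header.

# Print the value of the "Version:" header from a plugin's main file.
plugin_version() {
    sed -n 's/^[ *]*Version:[[:space:]]*//p' "$1" | head -n 1 | tr -d '\r'
}

# Usage: check_display_widgets <path-to-wp-content/plugins>
# Prints findings; returns 0 when nothing suspicious is found, 1 otherwise.
check_display_widgets() {
    plugin_dir="$1/display-widgets"
    status=0
    if [ ! -d "$plugin_dir" ]; then
        echo "Display Widgets is not installed in $1"
        return 0
    fi
    version=$(plugin_version "$plugin_dir/display-widgets.php")
    case "$version" in
        2.6.[1-9])
            echo "AFFECTED: Display Widgets $version is in the 2.6.1-2.6.9 range"
            status=1 ;;
        "")
            echo "WARNING: no version header found in $plugin_dir/display-widgets.php"
            status=1 ;;
        *)
            echo "Display Widgets $version is outside the affected range" ;;
    esac
    # The malicious code shipped as geolocation.php; its presence alone is a finding.
    if [ -f "$plugin_dir/geolocation.php" ]; then
        echo "AFFECTED: $plugin_dir/geolocation.php is present"
        status=1
    fi
    return $status
}
```

Run it as `check_display_widgets /path/to/wp-content/plugins`; a non-zero exit means the plugin folder should be deleted and replaced as described above.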