Malicious WordPress Plugin that Hijacked over 200,000 Websites Finally Removed

In a new attack on WordPress sites, a malicious plugin has been discovered. A WordPress plugin known as Display Widgets was found to contain a secret backdoor that allowed hackers into infected websites to modify content.

According to a report by PC Authorities, at least 200,000 websites have been infected.

The Plugin

The open source plugin “Display Widgets” was reportedly sold to a third party this year. Soon after that, version 2.6.0 was released. This new version contained code that could download data from users’ servers. The anomaly was detected by David Law, a UK-based SEO consultant. Law then alerted WordFence, an IT security firm.

Mark Maunder, CEO of WordFence, said in a statement, “The authors of this plugin [Display Widgets] have been using the backdoor to publish spam content to sites running their plugin. During the past three months, the plugin has been removed and readmitted to the plugin repository a total of four times.”

Another update of the plugin was then released. Version 2.6.1 contained a file, “geolocation.php”, that allowed its developers to modify the content of web pages and post any content they wanted.

It was removed, but the plugin returned in September with a new version that included the same malicious code, which apparently went unnoticed.

“The authors of the plugin are actively maintaining their malicious code, switching between sources for spam and working to obfuscate the domain they are fetching spam from,” said Maunder.

The Purge

When WordFence CEO Mark Maunder released a statement about the issue, he bluntly said, “If you have a plugin called ‘Display Widgets’ on your WordPress website, remove it immediately. The last three releases of the plugin have contained code that allows the author to publish any content on your site. It is a backdoor.”

The plugin has been removed again and this time we can only hope it is for good.  Last week, though, WordPress announced that there is a clean version of the plugin that is “safe and available.”

WordFence described the malicious code as having originated from a 23-year-old Brit named Mason Soiza. According to the story, Soiza bought the plugin for $15,000 from Stephanie Wells of Strategy 11, the original author.

When asked, Wells said that Soiza was “trying to build one of the largest WordPress plugin companies” which was “already managing more than 34 plugins”.

The plugin has ultimately been taken down as of September 8. No new updates will be admitted to WordPress. For those who already had the plugin installed, WordPress’s Pizdin Dim stated that “the 2.7 version being offered thru the upgrade system is safe and available”.
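A way to check a server for the installs described above, as an added example that is not part of the original article: it reads the standard WordPress plugin header (Plugin Name, Version) from each plugin folder, then flags Display Widgets copies older than the 2.7 release the article reports as safe, or any copy carrying geolocation.php. The sample folder names and file contents are constructed, and treating 2.7 as the cut-off is an assumption taken from the quote above.

```python
import re
import tempfile
from pathlib import Path

# Standard WordPress plugin header fields at the top of a plugin's main PHP file.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)
SAFE_VERSION = (2, 7)             # release the article reports as safe (assumed cut-off)
SUSPECT_FILE = "geolocation.php"  # file the article ties to version 2.6.1

def parse_version(text):
    """Turn '2.6.1' into (2, 6, 1) so versions compare numerically."""
    return tuple(int(p) for p in re.findall(r"\d+", text))

def read_headers(php_file):
    """Return lower-cased header fields found in the first 8 KiB of a file."""
    head = php_file.read_text(encoding="utf-8", errors="replace")[:8192]
    return {k.lower(): v.strip() for k, v in HEADER.findall(head)}

def audit_plugins(plugins_dir, plugin_name="Display Widgets"):
    """List installs of plugin_name with version, suspect-file flag and action."""
    findings = []
    for plugin in sorted(p for p in Path(plugins_dir).iterdir() if p.is_dir()):
        for php in sorted(plugin.glob("*.php")):
            meta = read_headers(php)
            if meta.get("plugin name", "").lower() != plugin_name.lower():
                continue
            version = meta.get("version", "")
            has_file = any(plugin.rglob(SUSPECT_FILE))
            # A missing version is treated as unsafe rather than assumed clean.
            old = not version or parse_version(version) < SAFE_VERSION
            findings.append({"path": str(plugin), "version": version,
                             "suspect_file": has_file,
                             "action": "remove" if old or has_file else "ok"})
    return findings

def build_sample(root):
    """Constructed test tree: an old install, a 2.7 install, an unrelated plugin."""
    samples = {"display-widgets": ("Display Widgets", "2.6.1", True),
               "dw-renamed": ("Display Widgets", "2.7", False),
               "other": ("Some Other Plugin", "1.0", False)}
    for slug, (name, ver, bad) in samples.items():
        d = Path(root) / slug
        d.mkdir(parents=True)
        (d / "main.php").write_text(f"<?php\n/*\nPlugin Name: {name}\nVersion: {ver}\n*/\n")
        if bad:
            (d / SUSPECT_FILE).write_text("<?php // constructed placeholder\n")
    return root

if __name__ == "__main__":
    for finding in audit_plugins(build_sample(tempfile.mkdtemp())):
        print(finding)
```

Point `audit_plugins` at a site's `wp-content/plugins` directory to run it against a real install; matching on the header rather than the folder name also catches renamed copies.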

The Top Five News WordPress Plugins

A nice news plugin on your WordPress site is a good way to keep your audience informed at a glance as they scroll through your website.  These plugins can act as small widgets on your site, provide an entire page of latest news, enable you to customize designs, create an animated news ticker and much more.

These types of widgets are important for giving your website an up-to-date look. Besides that, many readers are interested in staying up to date with the latest news.

The following are the top five news WordPress plugins. Use the one that best fits your site and its particular needs.

Live News

Live News is a super interactive ticker. The design is inspired by the news tickers used in television news broadcasts to instantly report breaking news, weather, and other updated notifications.

The plugin is highly customizable and offers four sources of news to display as sliding news. You can choose between creating the news from the back end, getting the news automatically, retrieving news from an RSS feed, or generating the sliding news from the updates of a Twitter account.

The plugin is free, but you can have premium features for $14.

WP Latest News

This WordPress plugin allows you to install and display WordPress news in one of six templates. You can format your content and display it in widget positions, in the editor, or inside theme pages. So, you get to keep your visitors informed in a nice and highly customizable format.

The plugin lets the user customize the format, size, and frequency of news. It really ups the organizational game and allows the visitor to select what is more relevant to them.

The premium version of this plugin costs $19.

Recent Global Posts

This plugin is highly customizable, which makes it pretty adaptable to most WordPress sites.  This application gives the user the option to change the number of posts displayed and even the option to display avatars.  You can actually preset the size of the avatar.

When it comes to reliability and access to customer service, this plugin is what you need to create a nice stream of global news.

Latest News Ticker PRO

Just like they do it in the news, you can now have your breaking news, forecast, or poll results announcement displayed in a nice ticker at the bottom of your site.

The Pro version of this plugin is worth $19 and includes many more features and personalized customer service.

WP News

This is another plugin that offers a high degree of customization, and you can manage, add, or displace wind man. As for the display, you decide whether you like vertical line scrolling. It’s multilanguage, responsive, easy to install, and full resources.



Make Your Site Respond Faster with W3 Total Cache

These days speed is a big factor on the web. Your website taking a couple more seconds to load can mean bad news, and there’s no doubt you’ll see the results by optimising your site’s code and loading times. After optimising mine, I noticed a decrease in bounce rate the next day, so it does make a difference. Search engines are starting to take this in as well so practising these SEO skills will help in the long run.

Luckily, if you’re using one of those content management systems that have an extremely wide range of support options and extensions, such as WordPress, then there are some simple solutions. There are a lot of plugins available that claim to instantly speed up your website, too many to name, but none of them compares to W3 Total Cache. With all my experience in bespoke web development, where I have to optimise static or dynamic websites that don’t have these plugins available, this one for WordPress does cover all the important factors and makes the biggest difference compared to the rest.

Super charge your website with W3 Cache

So What’s So Good About W3 Cache?

This plugin has been worked on very hard and deserves all the credit it gets. I’m surprised the plugin isn’t being sold instead of being available for free. Just by configuring the plugin properly, you can save 80% of your bandwidth and improve the loading times for your pages by at least ten times. It also gives you a Yahoo! YSlow A grade, which ranks your optimisation on several factors. YSlow is the website speed debugging tool by Yahoo!, just as Google has PageSpeed, and even in PageSpeed you’ll notice massive improvements in your score. It can integrate perfectly with shared hosting servers, but if you’re using a VPS, dedicated server or a cluster-based service, then you can make good use of the amount of power available by using Opcode or Memcache for multiple servers, which are compelling caching services.

Features and Settings

And that’s only half the story! The W3 Total Cache settings are categorised by feature. The first one is Page Cache; it caches all your pages that make queries using up server resources and time, so a static one can instantly be served to a visitor. The second one is Minify; I don’t use this one, so I left the box unticked, meaning Total Cache will minify nothing. I had some problems using this feature because I didn’t notice anything being minified whatsoever when debugging and have always had this problem. A lot of other people have had this problem, and the cause of the issue is yet to be investigated, but I found a better solution for this anyway so there’s no point.

While having the Minify feature disabled in Total Cache, I’ve got the WP-Minify plugin installed, which is useful. It minifies all the CSS and JavaScript files into two separate documents and then presents them in the code with a ‘pretty URL’ without parameters, so it works out well. I was a bit disappointed because the W3 Minify features allow you to move separate stylesheets and scripts to different parts of the document, and they can be removed from a certain page if not used, so it’s even more optimised. Nonetheless, the other plugin does the job quite well, and I’ve never had any problems with it.

5 WordPress Plugins Every Blogger Needs

Just wading through the WordPress plugin repository can be overwhelming for someone who wants to start a blog or is thinking of starting one. There are thousands of plugins to choose from at any time. Let’s just look at five plugins that every serious blogger should have on their blog.

Simple Share Buttons

Sharing is caring. So when you write your posts and publish them, you should make it easy for both visitors and readers to share them. Simple Share Buttons is a good plugin for that purpose. It’s easy to set up and customize. This nifty plugin gives you the option to create floating social media sharing buttons as well as fixed buttons that you can embed either at the top or bottom of your posts.

WP Super Cache

Page load time is one of those things that you shouldn’t compromise as a blogger. No one wants to access a post that takes 5-10 seconds to load in their browser. To speed up content delivery, install WP Super Cache. It’ll serve cached static files and reduce memory usage and ultimately speed up your blog dramatically.

Yoast SEO

You’ve heard the hackneyed phrase, “SEO is King”. That phrase holds true. If you’re going to set up your blog, you’re going to need an SEO plugin to take care of on-page and on-post optimization. None does a better job than Yoast SEO. You can use it to create meta descriptions, SEO titles, and sitemaps, and even check for keyword appearance as well as the readability of your text. There is a free version and a premium one. Here is how to set up Yoast.

Contact Form 7

As a blogger, you need to have a form that readers and visitors can use to contact you. There are many plugins that can do this job, but one stands out: Contact Form 7. It’s easy to set up and customize. You can create multiple forms with various fields to capture names, emails, and phone numbers and embed them in various pages. What’s more, you can easily style your forms. No CSS knowledge or special coding is required.


Akismet

Chances are this is one of those plugins whose notification is gonna pop up the moment you install your blogging theme. And rightly so, because a lot of bloggers out there are bombarded with spam. Seriously, you don’t want to wake up each morning to delete hundreds of spam comments in your dashboard. Just install Akismet, register an account at their main site, add the API key, and you’ll never have to worry about spam ever.
