WordPress plugin Display Widgets hacked

A backdoor has been discovered in the Display Widgets plugin that gives attackers access to the website, so they can modify its content and spread malware. This is not the first time a WordPress plugin has had problems. In fact, there are plugins that are no longer updated and are no longer suitable for use with later versions of WordPress.
If you have Display Widgets installed on your WordPress website, it is advisable to uninstall it as soon as possible and then scan your website for malware.

Updating

Updating to the latest version of the plugin makes no difference, as the backdoor is in the core of the files. The plugin has also been removed from the WordPress website and therefore can no longer be installed in the standard way. It appears that, since the plugin has changed owners a couple of times, something has gone wrong along the way and malicious code has been added.
In the past few months the plugin has been removed from the WordPress website 4 times due to problems. After updates from the plugin creator, it was approved and made available again each time. Update 2.6.1 of the Display Widgets plugin contains a file called geolocation.php. This file contains the code that provides access to the entire website. It also passes IP addresses and page activity to an external source, with all the consequences that entails.

What should you do to keep up?

The first reports of the problem appeared in WordPress hosting forums, from site owners who discovered spam on their pages. After this, it quickly escalated, and WordPress quickly responded by removing the plugin. However, you will still have to check your own website for the plugin and remove it yourself.
MijnHostingPartner.nl recommends always keeping your WordPress version up to date. It is also very important to check your plugins for vulnerabilities and problems. It is advisable to keep the number of plugins to a minimum. Keep an eye on a number of news sources to stay abreast of such developments.
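
One way to run the check described above, as an added example that is not code from MijnHostingPartner.nl or from the plugin: it scans `wp-content/plugins` for any plugin whose header reads `Plugin Name: Display Widgets`, reports its version, and lists any `geolocation.php` file inside it. The function names and the header-matching approach are assumptions of this example; a hit means the plugin is installed and should be removed, followed by a malware scan of the site.

```python
import re
import sys
from pathlib import Path

# WordPress plugin header fields, e.g. " * Plugin Name: Display Widgets"
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.M | re.I)
TARGET_NAME = "display widgets"   # plugin named in the article
SUSPECT_FILE = "geolocation.php"  # file the article says is present in update 2.6.1


def read_headers(php_file):
    """Return header fields from the first 8 KiB of a PHP file (first match wins)."""
    try:
        head = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    except OSError:
        return {}
    fields = {}
    for key, value in HEADER.findall(head):
        fields.setdefault(key.lower(), value)
    return fields


def find_display_widgets(wp_root):
    """Return one finding per installed copy, even if its directory was renamed."""
    findings = []
    plugins = Path(wp_root) / "wp-content" / "plugins"
    if not plugins.is_dir():
        return findings
    for plugin_dir in sorted(p for p in plugins.iterdir() if p.is_dir()):
        for php in sorted(plugin_dir.glob("*.php")):
            fields = read_headers(php)
            if fields.get("plugin name", "").lower() != TARGET_NAME:
                continue
            suspects = sorted(str(f.relative_to(plugin_dir))
                              for f in plugin_dir.rglob("*")
                              if f.is_file() and f.name.lower() == SUSPECT_FILE)
            findings.append({"dir": plugin_dir.name,
                             "version": fields.get("version", "unknown"),
                             "suspect_files": suspects})
            break  # one main file per plugin directory is enough
    return findings


if __name__ == "__main__":
    hits = find_display_widgets(sys.argv[1] if len(sys.argv) > 1 else ".")
    for h in hits:
        print(f"{h['dir']}: version {h['version']}, "
              f"{SUSPECT_FILE}: {', '.join(h['suspect_files']) or 'not found'}")
    sys.exit(1 if hits else 0)  # non-zero exit when the plugin is installed
```

Run it with the WordPress root directory as the only argument; the non-zero exit code makes it usable from a scheduled job that checks several sites.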