
About the suspension of the Display Widgets plug-in for containing malware, and how to deal with it

Display Widgets is a well-known plug-in used by more than 200,000 sites, but it has been removed from the official plug-in directory because it contained malware.
This article explains the problem and how to deal with it.

Malware distribution incident by Display Widgets

In mid-June 2017, the author apparently sold Display Widgets to another company, and a user named displaywidget took over management of the plug-in.

In the same month, David Law posted to the forum that he suspected this plug-in of collecting a large amount of server information, such as IP addresses, and sending it to an external party, and the plug-in code was suddenly deleted from the repository.

In late June 2017, Display Widgets version 2.6.1 was released with a version of geolocation.php containing malware (code that allows site tampering). Nobody noticed for a while, users kept updating, and a large number of sites were damaged.
In late July 2017, the plug-in stopped being published in the official plugin directory.

What should I do if I have Display Widgets installed?

Display Widgets has now been deleted from the official directory, so it cannot be updated.
Using Display Widgets version 2.6.1-2.6.9 is very dangerous. Volunteers have released a version of Display Widgets with the malware removed, so replace the installed plug-in with that file.

You can download directly from this link.
Download the secure DisplayWidgets plugin from here.

After downloading the file, unzip it, use FTP software to delete the display-widget folder in the wp-content/plugins folder on the current site, and upload the unzipped files from above in its place.
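
To confirm whether an install falls in the dangerous 2.6.1-2.6.9 range before replacing it, the following script reads the plug-in header and looks for geolocation.php. It is an added example, not part of the original article or the plug-in; the function names are hypothetical and it assumes sub-releases inside the range count as affected.

```shell
#!/bin/sh
# Added example (not from the article): flag a Display Widgets install whose
# version is in the 2.6.1-2.6.9 range the article calls very dangerous.

# Print the Version: value from the WordPress plugin header in the
# top-level PHP files of plugin directory $1 (empty if none found).
plugin_version() {
    grep -h -i -E '^[[:space:]*#/@]*Version:[[:space:]]*[0-9]' "$1"/*.php 2>/dev/null |
        head -n 1 | tr -d '\r' | sed -E 's/^[^:]*:[[:space:]]*//; s/[[:space:]]*$//'
}

# Succeed if $1 is 2.6.1 through 2.6.9. Assumption: sub-releases inside the
# range (for example 2.6.2.1) count as affected too.
is_affected_version() {
    case "$1" in
        2.6.[1-9] | 2.6.[1-9].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one verdict line for plugin directory $1.
check_display_widgets() {
    dir=$1
    if [ ! -d "$dir" ]; then echo "absent"; return 0; fi
    ver=$(plugin_version "$dir")
    if [ -z "$ver" ]; then echo "unknown"; return 0; fi
    geo=no
    # The article names geolocation.php as the file that carried the malware.
    if [ -n "$(find "$dir" -type f -name geolocation.php 2>/dev/null)" ]; then geo=yes; fi
    if is_affected_version "$ver"; then
        echo "affected $ver geolocation.php=$geo"
    else
        echo "outside-range $ver geolocation.php=$geo"
    fi
}

if [ $# -gt 0 ]; then
    check_display_widgets "$1"    # pass the plug-in folder under wp-content/plugins
else
    # Constructed fixture so the script runs offline.
    demo=$(mktemp -d)
    printf '<?php\n/*\n * Version: 2.6.3\n */\n' > "$demo/plugin.php"
    : > "$demo/geolocation.php"
    check_display_widgets "$demo"
    rm -rf "$demo"
fi
```

An "affected" verdict means the folder should be replaced as described above; "unknown" means no plug-in header was found and the folder needs a manual look.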