Comment on Display Widgets Plugin Review by SEO Gold Coast Services.

I said I wasn’t going to waste my time contacting the WordPress plugin team again, but I couldn’t help myself, the Display Widgets plugin developer is a hacker and is up to no good.

It’s been a week since WordPress reinstated the Display Widgets plugin again (is that three or four times, I’m losing track?) and they keep missing the malicious code, it’s still there!

The plugin developer pushed out a new update, v2.6.3.1; it still has the hacking code and now some base64 code (a way of hiding code: doesn’t mean it’s malicious).

My email to plugins@wordpress.org: this is the email address to report problem plugins, if your site is hacked because of the Display Widgets plugin send them an email and complain.

You guys are really being made to look completely incompetent, who is checking this code out for security issues from a plugin developer who has consistently uploaded problem code?

# https://plugins.trac.wordpress.org/browser/display-widgets/trunk/geolocation.php

See the function at line 186, it’s code for hacking a site, creates a dynamic post for logged out users only and whoever is analyzing the code has dropped the ball several times not catching this one.

For more details see https://seo-gold.com/display-widgets-plugin-review/ specifically this heading: “Display Widgets Plugin v2.6.2.* Includes Hacking Code!!!”

And in the last update some new base64 code at line 268, I wonder what that does.

Thousands of WordPress users are having their sites hacked:

# https://wordpress.org/support/topic/display-widget-inserted-spammy-links/
# https://wordpress.org/support/topic/payday-loans-seo-spam/

What does it take for you to click on the developer is up to no good!

David Law

And I was the one moderated on the WordPress forums for asking questions about what the developer was up to!

To check if your site is hacked, log out of WordPress and browse through your site for Posts that shouldn’t be there. You could also do a Google site search, simply paste

site:http://example.com

Into a Google search replacing example.com with your domain name and check what Google has indexed, if you find PayDay loan Posts or similar SPAMMY posts, you’ve been hacked.

David Law

Update September 16th 2017: I’ve released a Free Security Update/Upgrade of the Display Widgets Plugin.
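The logged-out check described in the comment above can also be run against a web server access log. The following is an added example, not part of the original comment or of the plugin: it lists paths that were served with a 200 status but are not among the permalinks WordPress itself reports as published. The log lines, the permalink list and the function names are constructed for illustration.

```python
import re

# Request line of a combined-format access log: method, path, status.
LOG_RE = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+" (\d{3}) ')
# Keywords taken from the spam the comment describes (PayDay loan posts).
SPAM_RE = re.compile(r"payday|loan", re.IGNORECASE)
# Core WordPress paths that are never posts.
IGNORED_PREFIXES = ("/wp-content/", "/wp-includes/", "/wp-admin/", "/wp-json/", "/feed")

# Constructed sample data: access log lines and the permalinks exported from WordPress.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Sep/2017:10:01:02 +0000] "GET /about/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Sep/2017:10:01:03 +0000] "GET /wp-content/themes/x/style.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Sep/2017:10:02:10 +0000] "GET /quick-payday-loans-online/ HTTP/1.1" 200 7300 "-" "Googlebot/2.1"
198.51.100.9 - - [10/Sep/2017:10:03:44 +0000] "GET /blog/hello-world/?utm=1 HTTP/1.1" 200 6100 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Sep/2017:10:03:50 +0000] "GET /missing-page/ HTTP/1.1" 404 300 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Sep/2017:10:05:00 +0000] "GET /summer-sale/ HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
"""
SAMPLE_PERMALINKS = ["/", "/about/", "/blog/hello-world/"]


def normalize(path):
    """Drop the query string and trailing slash so /a/ and /a?x=1 compare equal."""
    path = path.split("?", 1)[0].rstrip("/")
    return path or "/"


def unexpected_pages(log_text, known_permalinks):
    """Return {path: reason} for pages served with 200 that WordPress does not list."""
    known = {normalize(p) for p in known_permalinks}
    findings = {}
    for line in log_text.splitlines():
        match = LOG_RE.search(line)
        if not match or match.group(2) != "200":
            continue  # not a parseable request, or the page was not served
        raw_path = match.group(1)
        path = normalize(raw_path)
        if path in known or raw_path.startswith(IGNORED_PREFIXES):
            continue  # legitimate post/page or a core asset path
        findings[path] = "spam-keyword" if SPAM_RE.search(path) else "unknown"
    return findings


if __name__ == "__main__":
    for path, reason in unexpected_pages(SAMPLE_LOG, SAMPLE_PERMALINKS).items():
        print(f"{reason:13} {path}")
```

Paths flagged `unknown` still need a manual look: they may be archive or category pages that the permalink export did not include.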

More Comments on Display Widgets Plugin Review by SEO Gold Coast Services


Display Widgets Plugin Vulnerabilities

Sorry to hear of the problems.

In principle yes the hack could have compromised your site in other ways.

I never installed the Display Widgets Plugin v2.6.* on a live site, only …


Display Widgets Plugin v4.0.0 Release

I’ve released a Free Security Update/Upgrade of the Display Widgets Plugin which is called v4.0.0 and is malicious code free and extends the widget logic features. I’ll be supporting the …


Adopting the Display Widgets Plugin

Thanks for your kind words :-)

A couple of small inaccuracies in your comment above.

The WordPress plugin team didn’t delete/close/moderate my WordPress forum support posts, it was “Jan Dembowsi” (@jdembowsi) a …


Display Widgets Plugin v2.7 Download

There’s some info on the Display Widgets support forum about the 2.7 update, but you can’t get to it easily because the main Display Widget Plugin page is still closed …


How to Clean a Hacked WordPress Site

Sorry to hear your site is hacked, there’s probably tens of thousands of Display Widget v2.6.* users in the same boat!

I’ve not looked at a Display Widget Plugin v2.6.* hacked …


Display Widgets Plugin v2.6.1 Deleted from the Plugin Repository

Originally posted to the WordPress support forum…

WordPress has deleted the Display Widgets plugin again, (twice in a week!) this time because of version 2.6.1.

The cause is the code in the …


Display Widgets Plugin Geolocation Tracking Visitors without Permission

Originally posted to the WordPress support forum…

I have a question regarding the visitor data you are tracking/storing and your terms at http://geoip2.io/terms.html: the site has been deleted.

Section 10. Privacy policy …

