Comment on Display Widgets Plugin Review by SEO Gold Coast Services.

I’ve released a Free Security Update/Upgrade of the Display Widgets Plugin which is called v4.0.0 and is malicious code free and extends the widget logic features. I’ll be supporting the new version with new future updates: it’s not going in the WordPress Repository so I’ve added a custom update library (updates from my server not the WordPress plugin repository).

I couldn’t agree more about the plugin team having a real issue here, the Display Widgets plugin has really highlighted failings in their system, a system best described as putting out fires rather than fire prevention: I emailed them over a dozen times about this plugin and they missed the malicious code at least twice when they rechecked the code!!!

The Display Widgets plugin isn’t even a big plugin, the hacked versions were two files, one containing pretty much the original 2.05 code and the geolocation.php file that was 50% tracking code and 50% malicious code (to create a dynamic post to hack sites). I’d hate to think what could be hidden in some of the huge plugins (dozens of php files) in the repository!

I’m just a WordPress user like you and noticed the tracking issue, but wasn’t looking for malicious code. The plugin team should be looking for this sort of thing when a new developer with no track record has consistently broken the plugin repository rules over and over again with a plugin they paid money for: that should have rung alarm bells, a business doesn’t buy a plugin without a plan to monetize and free plugins are difficult to make money from.

This is a case study of incompetence: they missed the malicious code at least twice, missed user reports (including a trac ticket) of malicious code, took days to release the v2.7 update and still haven’t forced an upgrade, meaning there are tens of thousands of WordPress sites running vulnerable 2.6 code which THEY are responsible for allowing in the repository!

Regarding hacked sites, I wrote a comment about how to clean a site at How to Clean a Hacked WordPress Site.

I’m still not sure how much damage the hacker has done to WordPress sites, so don’t know how much to worry about this.

David Law

More Comments on Display Widgets Plugin Review by SEO Gold Coast Services


Display Widgets Plugin Vulnerabilities

Sorry to hear of the problems.

In principle yes the hack could have compromised your site in other ways.

I never installed the Display Widgets Plugin v2.6.* on a live site, only …


Adopting the Display Widgets Plugin

Thanks for your kind words :-)

A couple of small inaccuracies in your comment above.

The WordPress plugin team didn’t delete/close/moderate my WordPress forum support posts, it was “Jan Dembowsi” (@jdembowsi) a …


Display Widgets Plugin v2.7 Download

There’s some info on the Display Widgets support forum about the 2.7 update, but you can’t get to it easily because the main Display Widget Plugin page is still closed …


How to Clean a Hacked WordPress Site

Sorry to hear your site is hacked, there are probably tens of thousands of Display Widget v2.6.* users in the same boat!

I’ve not looked at a Display Widget Plugin v2.6.* hacked …


Display Widgets Plugin v2.6.3.1 Review

I said I wasn’t going to waste my time contacting the WordPress plugin team again, but I couldn’t help myself, the Display Widgets plugin developer is a hacker and is …


Display Widgets Plugin v2.6.1 Deleted from the Plugin Repository

Originally posted to the WordPress support forum…

WordPress has deleted the Display Widgets plugin again, (twice in a week!) this time because of version 2.6.1.

The cause is the code in the …


Display Widgets Plugin Geolocation Tracking Visitors without Permission

Originally posted to the WordPress support forum…

I have a question regarding the visitor data you are tracking/storing and your terms at http://geoip2.io/terms.html: the site has been deleted.

Section 10. Privacy policy …

