In its day, the Display Widgets plugin was the plugin of choice for managing your sidebars. If your theme had sidebars, you might want only 3 widgets shown on your about page and a different 3 shown only on your blog. This plugin could do that. That said, with the Gutenberg editor on the horizon, I doubt sidebars will exist in the coming months.
However, there are WordPress sites still running this plugin that have not removed it. If yours is one of them, you must remove it now, regardless of the consequences for your content. This warning is not new. It was issued back in September. But if you are not a website manager, or savvy with WordPress, you are probably still unaware.
The warning from Wordfence CEO Mark Maunder was blunt:
If you have a plugin called ‘Display Widgets’ on your WordPress website, remove it immediately. The last three releases of the plugin have contained code that allows the author to publish any content on your site. It is a backdoor.
How to delete it
Simply log in to your WordPress website and click “deactivate.” Then click “delete” and confirm. Now the backdoor is closed and you’ll notice that your sidebars are all visible to your website visitors.
If you have Jetpack active, open a widget and use its built-in solution to select which pages or posts you would like that widget to appear on. With Jetpack being actively developed by Automattic, creators of WordPress, you’re better off and won’t have this issue again.
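If you look after several WordPress installs from a shell, you can check each one for the plugin before going through the deletion steps above. This is an added example, not code from the original post or from the plugin: it matches on the "Plugin Name:" header that WordPress reads from plugin files, so a renamed folder is still found. The function names, folder names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: find installed copies of a plugin by its "Plugin Name:" header,
# whatever folder it lives in. All sample paths and file contents are constructed.

# find_plugin_by_name WP_ROOT PLUGIN_NAME
# Prints the path of each plugin file under WP_ROOT/wp-content/plugins whose
# header names PLUGIN_NAME (name compared case-insensitively).
find_plugin_by_name() {
    fp_wanted=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    for fp_file in "$1"/wp-content/plugins/*/*.php "$1"/wp-content/plugins/*.php; do
        [ -f "$fp_file" ] || continue
        # WordPress reads plugin headers from the first 8 KB of the file.
        fp_name=$(head -c 8192 "$fp_file" \
            | sed -n 's|^[[:space:]/*#@]*Plugin Name:[[:space:]]*||p' \
            | head -n 1 | tr -d '\r' \
            | sed 's|[[:space:]]*\*/.*||; s|[[:space:]]*$||' \
            | tr '[:upper:]' '[:lower:]')
        if [ "$fp_name" = "$fp_wanted" ]; then
            printf '%s\n' "$fp_file"
        fi
    done
}

# build_sample_site DIR: constructed plugin tree used only for the demo.
build_sample_site() {
    mkdir -p "$1/wp-content/plugins/renamed-folder" "$1/wp-content/plugins/other"
    cat > "$1/wp-content/plugins/renamed-folder/main.php" <<'EOF'
<?php
/*
 * Plugin Name: Display Widgets
 * Description: constructed sample header, not the real plugin
 */
EOF
    cat > "$1/wp-content/plugins/other/other.php" <<'EOF'
<?php
/* Plugin Name: Some Other Plugin (constructed) */
EOF
}

# Demo on the constructed tree; on a real server pass the WordPress root instead.
demo_site=$(mktemp -d)
build_sample_site "$demo_site"
find_plugin_by_name "$demo_site" "Display Widgets"
rm -rf "$demo_site"
```

Any path it prints is a copy of the plugin that still needs to be deactivated and deleted as described above.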
Yes it sucks
Most people will rush to blame WordPress. WordPress did not make the Display Widgets plugin. Its author did, and chose not to secure it. WordPress is actually protecting you, which is why the plugin was removed. WordPress has standards for how themes and plugins are coded and maintained. They are software, and therefore they are susceptible to hacking. But with the hundreds of people involved in the WordPress community for both development and security, you’re a part of that community and not alone when this happens.
If you are not sure how to remedy this and have this plugin on your site, contact us at Element 502 and our WordPress experts will give you a free one-time consultation and help you remedy this security backdoor and replace it with a much more stable solution.
Please understand that if your WordPress website is not running the latest version of WordPress or your theme, it may not be possible to replace the plugin with a new solution. But we can also guide you on how to fix your website overall and keep it running securely online.