Anyone who is using the Social Media Widget WordPress plugin should deactivate it and remove it ASAP. Sucuri has reported that the plugin is coded to inject “Pay Day Loan” spam into your website:
The malicious code was added only 12 days ago when they launched the version 4.0 of the plugin. So we are recommending that everyone removes that plugin immediately until we have more information. Our free SiteCheck scanner does identify if your site has been injected with this type of SPAM.
This popular plugin creates a simple sidebar widget that displays your social media links. More than 935,000 people have downloaded the plugin, and it is estimated that thousands of WordPress sites may be infected. Fortunately, the steps to clean your site of malicious spam activity are simple.
What to Do Before You Remove the Social Media Widget WordPress Plugin
Before you deactivate and remove the plugin, save your social networking information. This video from Blog Aid tells you how to do it. MaAnna Stephenson even takes you through the steps of setting up a replacement plugin, Social Sharing Toolkit. After following her excellent instructions for styling and placement, you may find yourself more pleased with the display and performance of your social media icons.
You Loved the Plugin – Will it Ever Return?
The WordPress Core Team, upon discovering the issue, removed the plugin from the WordPress Plugin Repository and issued a security update to the plugin's users. For those of you who loved this plugin, it may return, as the team is “… working with the current maintainer of the plugin to ensure that everything is good, all problems are solved, all i’s dotted and all t’s crossed.” Follow this support thread for the Social Media Widget to keep track of the progress.

Sue Surdam | Artizon Digital | WordPress Specialist and Social Media Solutions | 503-577-1035