If you aren’t following WordPress or WordPress security, you may not have heard about the recent plugin fiasco. There’s a plugin called Display Widgets. I would link to the plugin, but it’s been removed from the WordPress Repository.
The Display Widgets plugin was a nifty little plugin that allowed you to control which pages/posts your widgets would get displayed on. So say I wanted a special widget that would only appear on the About page; with this plugin, I could make that happen.
Over the years, I used that plugin on a lot of sites. It was popular, with more than 200,000 active users at last report.
Recently, it came to light that the plugin was being used to put spam on websites through a backdoor. It did this in such a way that if you were logged into your site, you wouldn’t even see the spam, which made it hard for many site owners to remove, especially since they didn’t know how it was getting there. It turns out a man bought the plugin from the original owner, added malicious code, and released it as an update. Thousands of WordPress users installed that update, injecting the malicious code into their own sites. Wordfence has a good write-up on the guy who pulled this off, and it’s pretty slimy.
What do I do now?
If you aren’t using the plugin or it’s not essential to your site, delete it immediately.
If you are using the plugin, here’s what you do (and here’s what I did on about 25 sites yesterday). First, add a new plugin called Widget Options to your site and activate it. Then add a migration plugin called Widget Options Migrator (download here) to your site and activate it. Then simply go to Tools > Widget Options Migrator and hit the “Process Migration” button.
Once finished, deactivate and delete the Display Widgets plugin and the Widget Options Migrator. Be sure to check that your widgets are all working as expected.
Here’s a more detailed step-by-step guide to migrating from the folks at Widget Options.
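If you look after a lot of sites, it helps to know which ones still have the plugin before you start clicking through dashboards. The script below is an added example, not part of the original post or of either plugin: it checks a list of WordPress folders for the plugin and reads its version from the plugin header. The folder name `display-widgets` and the sample sites it builds are assumptions made for the example.

```python
import re
import tempfile
from pathlib import Path

PLUGIN_SLUG = "display-widgets"  # assumption: the plugin's folder name under wp-content/plugins
# Matches the "Plugin Name:" / "Version:" lines of a WordPress plugin header comment.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.I | re.M)

def read_plugin_header(php_file):
    """Parse header fields from the first 8 KiB of a PHP file."""
    head = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    return {key.lower(): value for key, value in HEADER_RE.findall(head)}

def find_plugin(site_root, slug=PLUGIN_SLUG):
    """Return (installed, version) for one WordPress document root."""
    plugin_dir = Path(site_root) / "wp-content" / "plugins" / slug
    if not plugin_dir.is_dir():
        return (False, None)
    for php in sorted(plugin_dir.glob("*.php")):
        header = read_plugin_header(php)
        if "plugin name" in header:
            return (True, header.get("version"))
    # Folder exists but no header was readable: still counts as installed.
    return (True, None)

def audit(site_roots):
    """Map each site root to its (installed, version) result."""
    return {str(root): find_plugin(root) for root in site_roots}

def build_sample(base):
    """Create two constructed site trees: one with the plugin, one without."""
    with_plugin, clean = Path(base) / "site-a", Path(base) / "site-b"
    plugin_dir = with_plugin / "wp-content" / "plugins" / PLUGIN_SLUG
    plugin_dir.mkdir(parents=True)
    (clean / "wp-content" / "plugins").mkdir(parents=True)
    (plugin_dir / "main.php").write_text(
        "<?php\n/*\nPlugin Name: Display Widgets\nVersion: 0.0.0-sample\n*/\n")
    return [with_plugin, clean]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for root, (installed, version) in audit(build_sample(tmp)).items():
            status = f"FOUND (version {version})" if installed else "not installed"
            print(f"{Path(root).name}: {status}")
```

To use it on real sites, pass `audit()` your own list of WordPress root folders instead of the sample ones.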
Be safe out there!
Leave a Comment
Thank you! Extremely useful and clear instructions on how to fix the display widget issue. I have just used it on my website. Just to let you know, the download link is not working in your article. It is however in the step by step link.