Warfare Plugins has already fixed the problem. If you update the plugin, the redirects will go away. DO IT NOW if you have this plugin installed. But do read on for additional actions you should probably take.
This happened today, 3/21/19 Zero day hack – details at https://warfareplugins.com/submit-ticket/
Warfare Plugins should be commended for how quickly they fixed the problem – within hours. The fix is quick and easy.
SYMPTOM: Older posts redirect to sales pages. Does not affect home page or other pages or recent posts.
GOOD NEWS: Updating the plugin gets rid of the hack.
ADDITIONAL ADVICE from WordPress Developer Will Patton of Pattonwebz
WERE YOU LOGGED IN? If you were logged into any WordPress site between the time the exploit occurred and that site updates the plugin, you need to change your password. If you have contributors who were logged in, they also need to change their passwords.
If your site has an additional page blocking your login page, you are protected and don’t need to do this. If in doubt, just CHANGE YOUR PASSWORD as a precaution. This is in case the hackers were able to hijack cookies and sessions for later access.
SITES WITH MANY CONTRIBUTORS: If there is any chance any contributor was logged in, Will advises changing your salts. Inside the `wp-config.php` are a set of random digits called ‘salts’. If one of those numbers changes then all sessions are automatically invalidated.
If anyone is technical enough to attempt to change salts then let them know we have a safe salt generator endpoint at WordPress.org at https://api.wordpress.org/secret-key/1.1/salt/
If you are not technical, update the plugin and change your password. Then contact your tech person. If you do not know how to update a plugin, ask any other blogger you know. They can walk you through it. It is easy (but except in emergencies, it is always best to do a new backup first).
Even though we do NOT usually suggest anyone update a plugin without knowing for sure the status of their backups first (as any update could cause your site to go down), in this case we do recommend you do so. Will said:
If they don’t update the plugin then they will loose traffic to the redirects and Google may also follow those redirects, too. So in this case, we advise updating now even if you cannot reach your tech support person. (The odds of having issues updating this plugin are extremely small.)
How to Update a WordPress Plugin
Here is a video on how to update a plugin. Note that your dashboard will not look exactly like this, but the plugin updating process should be the same. Only update Social Warfare Plugin if you do not know the status of your backups.
If you have questions, leave them in the comments and I will check them frequently. Or contact Warfare Plugins through their support link at https://warfareplugins.com/submit-ticket/.
Latest posts by Gail Gardner (see all)
- Amazon: The Wal-Mart of the Internet - September 17, 2020
- 2020 Review: How to Use accessiBe To Make ADA Compliant Websites - September 13, 2020
- Career Choices: How to Find Work in the Remote Economy [Infographic] - August 28, 2020