Warfare Plugins has already fixed the problem. If you update the plugin, the redirects will go away. DO IT NOW if you have this plugin installed. But do read on for additional actions you should probably take.
This happened today, 3/21/19 Zero day hack – details at https://warfareplugins.com/submit-ticket/
Warfare Plugins should be commended for how quickly they fixed the problem – within hours. The fix is quick and easy.
SYMPTOM: Older posts redirect to sales pages. Does not affect home page or other pages or recent posts.
GOOD NEWS: Updating the plugin gets rid of the hack.
ADDITIONAL ADVICE from WordPress Developer Will Patton of Pattonwebz
WERE YOU LOGGED IN? If you were logged into any WordPress site between the time the exploit occurred and that site updates the plugin, you need to change your password. If you have contributors who were logged in, they also need to change their passwords.
If your site has an additional page blocking your login page, you are protected and don’t need to do this. If in doubt, just CHANGE YOUR PASSWORD as a precaution. This is in case the hackers were able to hijack cookies and sessions for later access.
SITES WITH MANY CONTRIBUTORS: If there is any chance any contributor was logged in, Will advises changing your salts. Inside the `wp-config.php` are a set of random digits called ‘salts’. If one of those numbers changes then all sessions are automatically invalidated.
Will said:
If anyone is technical enough to attempt to change salts then let them know we have a safe salt generator endpoint at WordPress.org at https://api.wordpress.org/secret-key/1.1/salt/
If you are not technical, update the plugin and change your password. Then contact your tech person. If you do not know how to update a plugin, ask any other blogger you know. They can walk you through it. It is easy (but except in emergencies, it is always best to do a new backup first).
Even though we do NOT usually suggest anyone update a plugin without knowing for sure the status of their backups first (as any update could cause your site to go down), in this case we do recommend you do so. Will said:
If they don’t update the plugin then they will loose traffic to the redirects and Google may also follow those redirects, too. So in this case, we advise updating now even if you cannot reach your tech support person. (The odds of having issues updating this plugin are extremely small.)
How to Update a WordPress Plugin
Here is a video on how to update a plugin. Note that your dashboard will not look exactly like this, but the plugin updating process should be the same. Only update Social Warfare Plugin if you do not know the status of your backups.
If you have questions, leave them in the comments and I will check them frequently. Or contact Warfare Plugins through their support link at https://warfareplugins.com/submit-ticket/.
Gail Gardner
Well, today I have found my blog in the hands of some Russian Financial expert and I had social warfare. coincidence?
Hi Jere,
Possibly not. Contact Warfare plugins and ask them. Did updating the plugin eliminate them? It may not be related, but could be. This site was cloned by Russian hackers a while back and that had nothing to do with Social Warfare.
I was pretty annoyed that NameCheap (my registrar and also the registrar of the thieves) refused to take their fake site down. They probably make a small fortune off hackers stealing sites, so they don’t want to lose the income. But most wouldn’t think to ask. They could at least do it for the few that do.
Gail Gardner would love you to read ..Twitter Chats: Why Small Businesses Should Use Them. #smallbiz
Interesting I also have NameCheap. So are you saying that NameCheap is also involved with hacking?
Thankyou so much for this off to update now ! I found out this morning I had been hacked so I guess as well as this I need to change my password. How frustrating!
becky would love you to read ..Bricks for beginners
Hi Becky,
Sorry your site was affected. But the good news is if that is all they did, recovery is easy. I’ve seen some really bad hacks where it took experts hours or longer to resolve the problems.
Gail Gardner would love you to read ..Twitter Chats: Why Small Businesses Should Use Them. #smallbiz
I have the plugin installed but had deactivated it weeks ago. Should I Reactivate with the updated code and then deactivate again and delete??
Hi Blythe,
You might want to ask Warfare plugins, but I would say, yes, update it and then activate it. Then deactivate it and delete it. Also, to be on the safe side, I would change your passwords (and have any other contributors change theirs) just in case.
Gail Gardner would love you to read ..Why Partnerships are the Ultimate Growth Hack
Hi Gail
That was a timely alert and I spread the news to a forum called BloggersPassion VIP Group and there the group Admin was facing the similar problem and I alerted with this post link and also i spread the news thru my FB pages too.
Thanks for the timely alert for the updation of this plugin.
Keep up the good work.
Best Regards
~ Phil
PS. I posted this comment yesterday but I got a message saying your name is too long.
I posted again with a short name. But I got a message saying the same message this is the third time oi am posting this hope it will reach. 🙂
P V Ariel would love you to read ..Study God’s Word (Bible) In A Systematic Way Via Emmaus Academy
Thanks, Phil. Some bloggers won’t realize it and could be losing most of their traffic for who knows how long.
Gail Gardner would love you to read ..Do You Want to Be an Influencer? Read the Advice Josh Steimle Shared
Thanks for the update, it was really critical and probably saved me.. 🙂
Hi Glenn,
I’m glad you saw the information. Unless you have a pop-up protecting your login page, do change your passwords – just in case.
Gail Gardner would love you to read ..Your Guide To Launching Your Own Marketing Agency
Hi Gail,
It is always good to fix the problem faster. Thanks, will be sharing it.
Gaurav Kumar would love you to read ..14 Facebook Tricks or Better Facebook Experience (MUST KNOW)
Thanks Gaurav. Many bloggers won’t realize it because this hacker is smarter than the average. It doesn’t trigger any browser warnings. And it doesn’t appear on your home page or other pages or your more recent posts.
They were smart in only targeting older posts so the blog owner is less likely to notice. Fortunately for me, I have a lot of contributors who monitor their existing posts. One of them saw it and contacted me.
Gail Gardner would love you to read ..Why Partnerships are the Ultimate Growth Hack
Happy to tweet to spread the word on this one. Plug in stuff can drive one batty. Maddening, when solutions seem not to be within your reach.
Hi Ryan,
Thank you for helping spread the word. I’m sure many bloggers could go months or longer without realizing their older posts are all redirecting to someone else’s money pages. No telling what that might do to their traffic and rankings.
I am really grateful to Warfare plugins for immediately sending an email out. I had just started diagnosing how my site got hacked when I went to send an email to one of my tech friends who wasn’t on Skype right then and saw it.
And resolving a hack so easily as just updating a plugin was a huge relief. Fortunately for me, my admin login page is protected by a pop-up, so they couldn’t grab any passwords to use later.
I’d love to get you to join our BizSugar Mastermind Community. Just takes a name and email address. And then confirm the email. More details in Why You Should Join Me in the BizSugar Mastermind Community Today.
Gail Gardner would love you to read ..Flipboard is the Future of Content Marketing and PR – AMA with Janette Speyer