On April 9th, 2013, the Sucuri blog reported that the Social Media Widget WordPress plugin was hiding spam and could inject it into your website. The plugin has since been removed from the WordPress Plugin Repository. In this video, I’ll show you what to do before you delete the plugin, which will save you a ton of time. I’ll also show you how to set up another plugin, the Social Sharing Toolkit, which pulls double duty for social follow and share.
After you do the steps in the video, run your site through the free SiteCheck scanner from Sucuri to confirm that all is well and that no spam has actually been injected yet.
Update: When inputting the new links for your profiles, be sure to use just the ID portion of your profile link.
For example, with the profile link http://plus.google.com/116816557257681654233, only use the numbers at the end. Don’t use the http://plus.google.com part.
Thanks for this timely warning MaAnna – I’ve not used this plugin myself but I’ve shared your link for my Twitter followers – very concerning!
all the best, Tracey
Thanks for helping spread the word, Tracey. I used it. Loved it, in fact. What a shame.
Great tutorial! I finally have my social icons the way I want them. Thanks!
So glad I already have Social Sharing Toolkit but I really rely on you to keep track of all of this. I passed on the warning through my Facebook page and Twitter. Thank you!
Thanks for the heads-up. I loved that widget. What a pain!
I switched to the plugin you recommended and had no trouble with the sharing buttons, but I can’t seem to get the Follow icons to work on one of the sites I run. I went back in and noticed that you just need the id for your profile, not the entire link (might want to check yours as I tested your FB icon and it is not working), but when I changed to just ids, the icons still didn’t appear. I’m stumped!
Thanks so much MaAnna for the e-mail this morning, the link to the Sucuri blog post AND this video. I currently use the Social Media Widget Plugin and love it. I’m so bummed that they felt the need to ruin it by injecting spam into websites :-(
I am, however, glad to see that you can use custom icons in the Social Sharing Toolkit. I have some custom ones (Starbucks cups) that I absolutely love and it’s good to know I can configure the icon path to keep using them.
Again, thanks for being on top of this. I’m off to fix my clients’ sites and to see if anyone else needs me to go into their WordPress install and change out their plugin.
Awesome job!
Thanks everyone and glad you found the info helpful. I actually left this plugin on a sandbox site and will be running some tests. I’ll be writing a follow-up post with the results, and how you can test your site for residual spam stuff too.
Hi, MaAnna!
Thanks for sharing so much! I have a question — when people use the FB LIKE button, are they liking your post or the page associated with your website? This has been confusing to me, because they aren’t actually ON FB if they’re on your site, so if they’re liking the post, how does that relate to anything on FB?
Thanks in advance!
Allison
That’s a good question Allison. They are liking the post, but not sure how it ties to Facebook as far as where it shows or gets registered as a Like. I’m going to have to ask my social media guru buddies.
So what are you using now, on this post, for example?
Also, I didn’t see any follow-up about Automattic fixing the plugin and reposting the fixed version as well as the plugin maintainer’s explanation for what happened and apology.
Hi Dave. Did you read the post or watch the video? Both tell you the alternative plugin that’s being used, which is the Social Sharing Toolkit.
Also, it is not the responsibility of Automattic to fix any plugins it didn’t create. And the developer who did create it is probably not going to tell us why he decided to load his plugin with a spam injector and get his plugin banned from the repository.