The popular social share plugin, Social Warfare, has been hacked.
Don’t panic, though!!! Here are the steps you need to take next.
UPDATE: The plugin devs have released a patch and emailed all subscribers. They have also submitted the patched version to the WordPress plugin repository to get reinstated.
Info about what to look for in the database to clean the hack, if you got popped, is available here.
If you are thinking about switching to Social Pug see my review with settings and tips.
See this BlogAid Today livestream on Facebook for the quick story. (Follow me on Facebook to get these tips immediately.)
And see more details below it.
Wordfence posted about a Zero Day Vulnerability found in the Social Warfare plugin.
Even though they did not provide details, every hacker on the planet now knows there is a weakness to be exploited.
What Should I Do?
Do not delete the plugin!!
Simply deactivate Social Warfare.
A patch is on the way and you will be able to reactivate the plugin and get it.
You’ll also need to reactivate the plugin, with that patch, to switch to another similar plugin.
Get on Cloudflare Pro
The paid version of Cloudflare has 20+ OWASP security protections built in.
These cover the most common and frequent attacks on WordPress sites, which are XSS (Cross-Site Scripting) and SQL injection against the database.
They both happen on plugins ALL the time.
I could not sleep without knowing that Cloudflare is protecting my money making sites around the clock.
$20/mo is CHEAP peace of mind, especially compared to the cost of being hacked, not only for the repair, but for the loss of revenue during the downtime too. Not to mention the toll it can take on your SEO, with Google removing your site from SERPs, which could take months to fully recover from.
The WAF (Web Application Firewall) you get in the Cloudflare Pro plan has to be properly configured.
DIY site owners, contact me to get your site safe in a live session.
Better yet, get a site audit and find ALL your site security holes and performance drags.
Webmasters and designers, all of the tutorials for full Cloudflare settings are in your Webmaster Training tutorials.
Switch to Social Pug
If you need all the extra Pinterest features, the Social Pug plugin has them – and WAY more.
You can use the Import/Export feature in Social Pug to bring over all of your custom settings and Tweets and such from Social Warfare.
You’ll also be able to drop your social follow plugin and use the one in Social Pug.
That will help speed up your site.
And, when version 2.6 rolls out, you will be able to drop Tasty Pins, as Social Pug will have all of those features too.
READ: Best Paid Social Share Button Plugins for more.
The beta version of 2.6 is what I tested for that post. I’m in touch with the plugin dev to see when it will be rolling out. Should be soon and I’ll update this post, plus have a full review with screenshots, and a tutorial for importing from other plugins.