In September 2017. the popular Display Widgets plugin was removed from the WordPress plugin repository because it was hacked.
What to Do if you have Display Widgets Installed
If you use the WordFence Security plugin on your website, you were already alerted in your WordPress dashboard about the Display Widgets vulnerability. Hopefully, you already updated the plugin.
For users who do not update regularly, it’s imperative you sign in to your WordPress site and update the Display Widgets plugin immediately. Otherwise, your site may display spam or malware.
Since Display Widgets has now been restored to the pre-malicious event status (v. 2.05), once you update it to version 2.7, your site is safe.
However, the plugin will no longer be maintained. Another issue with the clean update to version 2.7, it will continue to show in your dashboard that the plugin needs to be updated. For these reasons, it is recommend to install an alternative plugin.
These are a few of the plugins that can replace Display widgets:
How to Replace the Display Widgets Plugin and Transfer the Settings
If you have a lot of widgets that were customized using the Display Widgets plugin, there is a way to transfer the settings.
Installing the Widget Options Plugin
First, install the new plugin before deleting the old one by following these steps:
- Log in to your WordPress dashboard.
- Click Plugins > Add New.
- Search for Widget Options.
- From the results, find Widget Options then click Install.
- Once the plugin is successfully installed, click Activate.
Transferring Settings from Display Widgets to the New Plugin
Now that the new plugin is activated, open each widget and transfer the settings following these steps:
- Click Appearance > Widgets.
- In the widget area list, expand the first widget area.
- Open each widget and copy the Display Widgets information into the Widget Options section. Go through the list carefully and make sure to select the following in the new plugin:
- Hide/Show on checked pages
- Select all pages, posts, taxonomies that were selected in Display Widgets.
- Click Save.
- Click Close.
- Repeat this process for every widget in every widget area.
Testing the Widgets
Once you finish transferring the settings for every widget, go back to Plugins and deactivate Display Widgets.
Once the old plugin is deactivated, TEST YOUR SITE. Go page-by-page and make sure your widgets are displaying on the correct pages. Once you are satisfied everything is correct, it’s safe to delete Display Widgets.
h/t: Thanks to Lise Galipeau for alerting me to the issue.