WordPress Plugin vulnerabilities – Rich Reviews and GiveWP.

If you have installed either of these two WordPress plugins:

  • GiveWP
  • Rich Reviews

Please update or remove them immediately from your WordPress site.
The two plugins have vulnerabilities that will allow hackers to either place malicious code on your site to infect your visitors or even gain access to your WordPress website and take full control.

If you are unsure how to do this, please contact our support team for help.

In addition, if you are using one of those two plugins, have HelpingHost.com support review your WordPress site to make sure no backdoors or users were installed.

 

WordPress Plugin – Yuzo Related Posts – is vulnerable to malware.

If you are using the Yuzo Related Posts WordPress plugin, please remove it from your WordPress installation ASAP.

We are starting to see customer websites that are using the plugin being redirected to malware websites.

There is currently NO PATCH available, which means you HAVE TO remove the plugin.

Without going into too much detail:
The attacker calls this vulnerable plugin with certain parameters that in turn insert code into the options of this plugin. That code currently seems to be JavaScript code that performs the various redirects to malware.
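To check a site for this kind of injection, the stored option values can be scanned for script content. The following is an added example, not code from the plugin or from our intrusion detection system; the option names, sample values and rule set are constructed for illustration.

```python
import html
import re

# Heuristic rules: script content that has no business inside a plugin setting.
RULES = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "event_handler": re.compile(r"\bon(?:error|load|click|mouseover)\s*=", re.I),
    "location_redirect": re.compile(r"\b(?:window|document)\.location\b", re.I),
    "eval_call": re.compile(r"\beval\s*\(", re.I),
}

def normalise(value: str) -> str:
    """Undo common encodings so that stored markup is visible to the rules."""
    value = html.unescape(value)                         # &lt;script&gt; -> <script>
    value = value.replace("\\/", "/").replace('\\"', '"')  # JSON-escaped / and "
    return re.sub(r"\\u([0-9a-fA-F]{4})",                # \u003c -> <
                  lambda m: chr(int(m.group(1), 16)), value)

def scan_options(options: dict) -> dict:
    """Return {option_name: [matching rule names]} for suspicious values only."""
    findings = {}
    for name, value in options.items():
        text = normalise(value)
        hits = sorted(rule for rule, rx in RULES.items() if rx.search(text))
        if hits:
            findings[name] = hits
    return findings

# Constructed sample rows, shaped like name/value pairs from the options table.
# The option names are hypothetical; *.invalid hosts never resolve.
OPTIONS = {
    "related_plugin_settings":
        r'{"css":"<\/style><script>window.location=\"https://redirect.invalid/\"<\/script>"}',
    "sidebar_widget": "&lt;script src=//cdn.invalid/x.js&gt;&lt;/script&gt;",
    "footer_banner": r"\u003cimg src=x onerror=load()\u003e",
    "blogdescription": "Just another WordPress site",
}

if __name__ == "__main__":
    for option, rules in scan_options(OPTIONS).items():
        print(option, rules)
```

A hit is a reason to inspect the option by hand, not proof of compromise, since some plugins legitimately store snippets of markup.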

We have started to proactively implement additional protection in our intrusion detection system to reduce the chance of a successful attack.
We have also begun to scan all customers' websites for this plugin and remove it if found. However, we of course prefer that you log in to your WordPress admin and remove it yourself as soon as possible.

If you have any questions or need help, please contact our support team as usual.

How to get your WordPress ready for https

How to get your WordPress website ready for https.

Starting in July 2018, your site will be marked as “insecure” by Google's Chrome browser.
We have added free SSL certificates for all our customers so that you are ready to go right now.

However, often you will need to make some changes to your website to ensure that it uses https:// instead of http://

Here we show you how to reconfigure your WordPress to use https:

First, log in to your WordPress admin and change the WordPress Address and Site Address to https://…

Now, if you made the mistake of using absolute links or images in your WordPress in the past, you need to change those from http:// to https://.

You could simply go through each and every post and page of your WordPress and make that change manually.
However, if you have hundreds of pages and posts like us, we suggest using a Search and Replace plugin instead.

The first step for this is to MAKE A BACKUP:

Log in to your control panel and access Softaculous.

Now, get a list of your WordPress installations (1) and click on the Backup icon next to the WordPress install you are working on (2):

Follow the steps until the backup is complete.
Now go back to your WordPress Admin.

Next, add the Search and Replace Plugin

Click on Plugins -> Add New

Now type Search and Replace in the keyword field. Choose the plugin from “Inpsyde GmbH”.

Install and Activate the plugin as usual.

Now click Tools -> Search & Replace

Now, if you want to be really safe, click Create SQL File and then Download SQL file.
This will give you a backup of the database in case something goes wrong. It can be restored very easily using the SQL Import tab.

replace http with https

Now you click on the Search & Replace tab.

Enter http:// in the Search for field.

Enter https:// into the Replace with: field.

Check the boxes “Select all tables” and “Dry Run”. (This is to test what will happen before anything actually happens.)

Click Do Search & Replace.
The results of the search and replace dry run

Here is an example of the result:

Clicking on view details will show you what actually will be changed.

The last step is to UNCHECK “Dry Run” and choose “Save changes to Database”.

Click “Do Search & Replace” one more time and you are done.

Clear your WordPress Cache as well as browser cache to check the results.
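Why this procedure uses a database-aware tool with a dry run instead of a plain text replace: WordPress stores many settings as PHP-serialized strings with a byte-length prefix (s:41:"…"), and changing http:// to https:// adds one byte, so a naive replace leaves values PHP can no longer unserialize. The following is an added example, not the plugin's code; the sample rows and example.com are constructed, and nested serialization is not handled.

```python
import re

STR_HEADER = re.compile(rb's:(\d+):"')

def replace_in_serialized(data: bytes, old: bytes, new: bytes):
    """Replace old->new inside each PHP s:N:"..." string and recompute N (a byte count)."""
    out, pos, hits = bytearray(), 0, 0
    while (m := STR_HEADER.search(data, pos)):
        start = m.end()
        end = start + int(m.group(1))
        if data[end:end + 2] != b'";':        # length does not line up: not a real header
            out += data[pos:start]
            pos = start
            continue
        body = data[start:end]
        hits += body.count(old)
        body = body.replace(old, new)
        out += data[pos:m.start()] + b's:%d:"' % len(body) + body + b'";'
        pos = end + 2                         # jump past the body so it is never re-parsed
    out += data[pos:]
    return bytes(out), hits

def replace_value(value: str, old: str, new: str):
    """Return (new_value, hits); serialized values keep valid length prefixes."""
    raw, o, n = value.encode(), old.encode(), new.encode()
    if re.match(rb'^(a|O|s):\d+:', raw):      # looks like PHP serialize() output
        fixed, hits = replace_in_serialized(raw, o, n)
    else:
        fixed, hits = raw.replace(o, n), raw.count(o)
    return fixed.decode(), hits

def search_replace(rows: dict, old: str, new: str, dry_run: bool = True) -> dict:
    """Report hits per row; rows are modified only when dry_run is False."""
    report = {}
    for key, value in rows.items():
        fixed, hits = replace_value(value, old, new)
        if hits:
            report[key] = hits
            if not dry_run:
                rows[key] = fixed
    return report

# Constructed sample rows (example.com is a placeholder site).
ROWS = {
    "widget_text": 'a:1:{s:4:"text";s:41:"<img src="http://example.com/a/logo.png">";}',
    "post_1": '<a href="http://example.com/about">About</a>',
    "blogname": "Example Site",
}
```

As in the plugin, run it once with dry_run=True and review the report before letting it write anything.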

Drupal Vulnerability – Drupalgeddon2 (CVE-2018-7600)

If you are using Drupal on your website please read on…

The Drupal CMS team has fixed a highly critical security flaw that allows hackers to take over a site just by accessing a URL. We highly recommend that Drupal site owners immediately update their sites to Drupal 7.58 or Drupal 8.5.1, depending on the version they are running. If you are unsure how to do so, please contact our Support team.

The Drupal team pre-announced the recent patches last week when it said “exploits might be developed within hours or days” after the disclosure.

This new Drupal Vulnerability allows an attacker to run any code he desires against the Drupal CMS’ core component, effectively taking over the site. The attacker doesn’t need to be registered or authenticated on the targeted site, and all the attacker needs to do is access the URL.

A nickname for this Drupal Vulnerability is “Drupalgeddon2”.

Drupal 6 is also affected. However, since Drupal 6 was declared end of life (EOL) in 2016, NO patches will be issued by the Drupal Team.

CloudFlare Hosting now included in every hosting plan

HelpingHost.com is happy to announce a new partnership with Cloudflare, the web’s easiest performance and security solution. As a Cloudflare Certified Partner, we deliver their simple and free solution to help protect and accelerate your website. Once your website joins the Cloudflare community, it loads twice as fast and is protected from a range of online threats.

Getting started is super easy—you just need to log into your control panel and look for the Cloudflare icon. With two clicks, you can activate CloudFlare and your website will automatically be faster and safer around the world.

We are pleased to offer you the CloudFlare service for FREE. There is no commitment. Turning CloudFlare on and off takes two clicks of the mouse, so feel free to try it out. We think you’ll like it.

To learn more about Cloudflare, you can take a look at our Cloudflare Hosting page here.