If you installed any of these two WordPress Plugins:
Please update or remove them immediately from your WordPress site.
The two plugins have vulnerabilities that will allow hackers to either place malicious code on your site to infect your visitors or even gain access to your WordPress website and take full control.
If you are using the Yuzo Related Posts WordPress plugin, please remove it from your WordPress installation ASAP.
We are starting to see customer websites that are using the plugin being redirected to malware websites.
There is currently NO PATCH available. Which means you HAVE TO remove the plugin.
Without going into to much detail:
We have started to pro-actively implement additional protection into our Intrusion detection system to reduce the chance of a successful attack.
We have also began to scan all customers websites for this plugin and remove it if found. However, we of course prefer for you to login to your WordPress admin and remove it yourself as soon as possible.
How to get your WordPress website ready for https.
Starting in July 2018, your site will be marked as “insecure” by Googles Chrome browser. We have added free SSL certificates for all our customers so that you are ready to go right now.
However, often you will need to make some changes to your website to ensure that it uses https:// instead of http://
Here we are showing you how to re-configure your WordPress to use https:
First, login to your WordPress admin and change the WordPress Address and Site Address to https://…
Now, if you made the mistake to use absolute links or images in your WordPress in the past, you now need to change those from http:// to https://.
You could simply go through each and every post and page of your WordPress and manually make that change. If you however have hundreds of pages and post like us, we suggest to use a Search and Replace plugin instead.
The first step for this is to MAKE A BACKUP:
Login to your Control panel and access Softaculous.
Now, get a list of your WordPress installations (1) and Click on the Backup icon next to the WordPress install you are working on (2):
Follow the steps until the backup is complete. Now go back to your WordPress Admin.
Next, add the Search and Replace Plugin
Choose Plugins -> Add New
Now type Search and Replace in the keyword fields. Choose the plugin from “Inpsyde GmbH”.
Install and Activate the plugin as usual.
Now click Tools -> Search & Replace
Now, if you want to be really safe, click Create SQL File and then Download SQL file. This will give you a backup of the database just in case something goes wrong and can be restored very easily using the SQL Import tab.:
Now you click on the Search & Replace tab.
Enter http:// in the Search for field.
Enter https:// into the Replace with: field.
Check the box “Select all tables”
and Dry Run. (This is to test what will happen before anything actually happens.
Click Do Search & Replace.
Here is an example of the result:
Clicking on view details will show you what actually will be changed.
The last step is to UNCHECK “Dry RUN” and choose “Save changes to Database”.
Click “Do Search & Replace” one more time and you are done.
Clear your WordPress Cache as well as browser cache to check the results.
WordPress 3.3 was just released over at WordPress.org.
The HelpingHost.com automated script installers are getting this latest version of WordPress over the next 24 hours after which you will be able to either update your current WordPress or create a new WordPress install using WordPress 3.3
Please remember to update your plugins first and make sure they are compatible with WordPress 3.3.
Do not forget to use the backup function within our Softaculous installer so you can revert easily just in case something went wrong!
The WordPress team is reporting that version 3.3 includes user interface improvements as well as new Developer features worth looking into.