WordPress Plugin vulnerabilities – Rich Reviews and GiveWP.

If you installed any of these two WordPress Plugins:

  • GiveWP
  • Rich Reviews


Please update or remove them immediately from your WordPress site.
The two plugins have vulnerabilities that will allow hackers to either place malicious code on your site to infect your visitors or even gain access to your WordPress website and take full control.

If you are unsure how to do this, please contact our support team for help.

In addition, if you are using one of those two plugins, have HelpingHost.com support review your WordPress site to make sure no backdoors or users were installed.


WordPress Plugin – Yuzo Related Posts – is vulnerable to malware.

If you are using the Yuzo Related Posts WordPress plugin, please remove it from your WordPress installation ASAP.

We are starting to see customer websites that are using the plugin being redirected to malware websites.

There is currently NO PATCH available. Which means you HAVE TO remove the plugin.

Without going into to much detail:
The attacker calls this vulnerable plugin with certain parameters that in turn inserts code into the options of this plugin. That code currently seems to be javascript code that performs the various redirects to malware.

We have started to pro-actively implement additional protection into our Intrusion detection system to reduce the chance of a successful attack.
We have also began to scan all customers websites for this plugin and remove it if found. However, we of course prefer for you to login to your WordPress admin and remove it yourself as soon as possible.

If you have any questions or need help, please contact our support team as usual.

How to get your WordPress ready for https

How to get your WordPress website ready for https.

Starting in July 2018, your site will be marked as “insecure” by Googles Chrome browser.
We have added free SSL certificates for all our customers so that you are ready to go right now.

However, often you will need to make some changes to your website to ensure that it uses https:// instead of http://

Here we are showing you how to re-configure your WordPress to use https:

First, login to your WordPress admin and change the WordPress Address and Site Address to https://…

Now, if you made the mistake to use absolute links or images in your WordPress in the past, you now need to change those from http:// to https://.

You could simply go through each and every post and page of your WordPress and manually make that change.
If you however have hundreds of pages and post like us, we suggest to use a Search and Replace plugin instead.

The first step for this is to MAKE A BACKUP:

Login to your Control panel and access Softaculous.

Now, get a list of your WordPress installations (1) and Click on the Backup icon next to the WordPress install you are working on (2):

WordPress https make a backup step 2Follow the steps until the backup is complete.
Now go back to your WordPress Admin.

Next, add the Search and Replace Plugin

Choose Plugins -> Add New

Click on Plugins -> Add New

WordPress HTTPS Add new plugin step 2

Now type Search and Replace in the keyword fields. Choose the plugin from “Inpsyde GmbH”.WordPress HTTPS use search and replace

Install and Activate the plugin as usual.

Now click Tools -> Search & Replace

Now, if you want to be really safe, click Create SQL File and then Download SQL file.
This will give you a backup of the database just in case something goes wrong and can be restored very easily using the SQL Import tab.:

WordPress HTTPS use search and replace db backup

replace http with https

Now you click on the Search & Replace tab.

Enter http:// in the Search for field.

Enter https:// into the Replace with: field.

Check the box “Select all tables”

and Dry Run. (This is to test what will happen before anything actually happens.

Click Do Search & Replace.
The results of the search and replace dry run

Here is an example of the result:

Clicking on view details will show you what actually will be changed.

The last step is to UNCHECK “Dry RUN” and choose “Save changes to Database”.WordPress HTTPS use search and replace step 3

Click “Do Search & Replace” one more time and you are done.

Clear your WordPress Cache as well as browser cache to check the results.

WordPress 3.3 has arrived

WordPress 3.3 was just released over at WordPress.org.
The HelpingHost.com automated script installers are getting this latest version of WordPress over the next 24 hours after which you will be able to either update your current WordPress or create a new WordPress install using WordPress 3.3

Please remember to update your plugins first and make sure they are compatible with WordPress 3.3.
Do not forget to use the backup function within our Softaculous installer so you can revert easily just in case something went wrong!
The WordPress team is reporting that version 3.3 includes user interface improvements as well as new Developer features worth looking into.