If You Use the Social Warfare Plugin on a WordPress Site, GO TURN IT OFF RIGHT NOW

If you use the popular social sharing plugin Social Warfare, go turn it off. Go turn it off immediately, and then read this post to learn why.

I need to go take care of my clients’ sites, but here’s the short answer: Hackers have found a way to use that plugin (if it is running on your site) to redirect your visitors to another site. I just saw this happen to my site.

I will try to come back and write a more detailed explanation about how this happened and what you should do next, but right now I need to go help clients – that’s how serious this is.

A security flaw was identified today, one that let hackers inject code into any page or post on a WordPress site that had the Social Warfare  share buttons. While the affected sites were not directly hacked, hackers were able to use this flaw to attack a site’s visitors. On my site, for example, the hackers were redirecting visitors to a “your PC is infected with viruses” scam.

As a short term solution, I recommend that anyone who has this plugin on their site immediately disable it.  This will stop hackers from attacking your site’s visitors.

If you are one of my support plan clients, I took care of this already, and informed you by email.

The long term solution is to find a replacement plugin. Yes, I want you to replace this plugin (that is what I am going to do).

I have used the Social Warfare plugin for about two years now, and in that time I have had multiple bad experiences with the plugin damaging my site when the plugin was updated. I no longer have any confidence in this developer any more.

image by Ada Be via Flickr

Nate Hoffelder

View posts by Nate Hoffelder
Nate Hoffelder is the founder of The Digital Reader. He has been blogging about indie authors since 2010 while learning new tech skills weekly. He fixes author sites, and shares what he learns on The Digital Reader's blog. In his spare time, he fosters dogs for A Forever Home, a local rescue group.


  1. Sharon26 March, 2019

    Thanks, Nate.

    1. Nate Hoffelder26 March, 2019


  2. […] that the most likely cause was the Zero-Day security flaw discovered in the Social Warfare plugin a couple weeks ago. One of the client sites on my server has that plugin but did not get updated, and  that site […]

Leave a Reply

Scroll to top