Skip to main content

If You Use the Social Warfare Plugin on a WordPress Site, GO TURN IT OFF RIGHT NOW

If you use the popular social sharing plugin Social Warfare, go turn it off. Go turn it off immediately, and then read this post to learn why.

I need to go take care of my clients' sites, but here’s the short answer: Hackers have found a way to use that plugin (if it is running on your site) to redirect your visitors to another site. I just saw this happen to my site.

I will try to come back and write a more detailed explanation about how this happened and what you should do next, but right now I need to go help clients – that’s how serious this is.

A security flaw was identified today, one that let hackers inject code into any page or post on a WordPress site that had the Social Warfare  share buttons. While the affected sites were not directly hacked, hackers were able to use this flaw to attack a site’s visitors. On my site, for example, the hackers were redirecting visitors to a "your PC is infected with viruses" scam.

As a short term solution, I recommend that anyone who has this plugin on their site immediately disable it.  This will stop hackers from attacking your site’s visitors.

If you are one of my support plan clients, I took care of this already, and informed you by email.

The long term solution is to find a replacement plugin. Yes, I want you to replace this plugin (that is what I am going to do).

I have used the Social Warfare plugin for about two years now, and in that time I have had multiple bad experiences with the plugin damaging my site when the plugin was updated. I no longer have any confidence in this developer any more.

image by Ada Be via Flickr

Similar Articles


Sharon March 26, 2019 um 8:04 am

Thanks, Nate.

Nate Hoffelder March 26, 2019 um 8:17 am


Six Things I Learned When My Websites Got Hacked | Nate Hoffelder September 9, 2019 um 11:31 pm

[…] that the most likely cause was the Zero-Day security flaw discovered in the Social Warfare plugin a couple weeks ago. One of the client sites on my server has that plugin but did not get updated, and  that site […]

Write a Comment