Due to a security vulnerability in a 3rd-party WordPress plugin called Wassup, one of our clients had their site hacked and their RSS feeds inserted with warez links and spam-like info. We recommend that if you are running the Wassup plugin, you deactivate in the plugin in the WordPress control panel and find an alternate source of stats tracking. We like Mint!
How to deactivate & remove your Wassup plugin:
- Go to your WordPress Dashboard.
- Find “Plugins” on the left sidebar and drop the menu open by clicking the arrow on the right that will appear when you hover over it. (It menu may already be visible.)
- Choose “Installed Plugins”.
- From the list that loads on the right, find the Wassup plugin and click the “Deactivate” link on the right.
- If you also have VSTATS plugin installed,we recommend deactivating that as well.
- Once that’s done, log into your server using FTP (or if you manage your files via server control panel interface, that’s fine, too) and go to /public_html/wp-content/plugins/ and remove the entire /wassup folder, as well as the vstats.php file.
Now, just because you have this plugin, doesn’t mean your computer has been hacked, it just means it’s vulnerable to it. So deactivating and removing the plugin should resolve the issue. If you are one of our clients for whom we installed this plugin and for some reason, you feel your site has been hacked or otherwise compromised by Wassup (bear in mind we’ve only received one report), please contact us and we will do our best to assist*. (More information)
* Please note that Moxie Design Studios™, it’s designers and/or contracted developers are not liable for damages caused by a third party plugin security vulnerability, nor the existence of the vulnerability itself. Plugins and software related to WordPress are open source, as well as free, and there is an element of risk to any Internet-related endeavor.