VERY IMPORTANT

For the past two and a half months, a WordPress plugin named Display Widgets has been used to install a backdoor on WordPress sites across the Internet. The backdoor code was found between Display Widgets version 2.6.1 (released June 30) and version 2.6.3 (released September 2). The WordPress.org team has intervened and removed the plugin from the official WordPress Plugins repository. At the time it was removed, the plugin was installed on more than 200,00 sites, albeit we cannot be sure how many of these were updated to a version that included the malicious behavior.