Version 2.7 doesn’t install

Check your display-widgets.php inside the directory. If you ran the install for 2.7 then that php file should be showing as version 2.05 because 2.7 is just v2.05 being pushed so as to strip out the malicious code. v2.05 is the only legit version of this plugin. After installing it will just keep showing the “update now” button because the WP team didnt modify the v2.05 header in the php file. To resolve this, after updating to 2.7 (which is just 2.05) you can just edit the php file’s “Version” line from 2.05 to 2.7

• This reply was modified 7 years, 5 months ago by Fist Full of Crisco.

Thank you @fistfullofcrisco
I did just that and it worked.
Changed it both in php and the txt file.

Yolanda [nathair]

You cannot download this. You can upgrade to it if you’re a current user. We will not be making it available again for new users because it’s not supported or worked on anymore.

If you ran the install for 2.7 then that php file should be showing as version 2.05

No… I just looked at the code in SVN and it says 2.7 in the readme and the main plugin file. Where are you folks seeing 2.05?

I had a look at the 2.7 zip file (downloaded about 12hrs ago) and as Mika said both the readme.txt file and the display-widgets.php file have been changed to v2.7 (as the plugin team reported).

Can also see at https://plugins.svn.www.ads-software.com/display-widgets/tags/2.7/display-widgets.php and https://plugins.svn.www.ads-software.com/display-widgets/tags/2.7/readme.txt they have the 2.7 info.

Don’t know why the upgrade notice would still show 2.05 (you aren’t the only person to post about this in the forum) and require a manual modification???

To be sure you have removed the malicious 2.6.* code try loading (changing the domain to your domain)

https://domain.com/wp-content/plugins/display-widgets/readme.txt

Should have a line: Stable tag: 2.7, identical to this file https://plugins.svn.www.ads-software.com/display-widgets/tags/2.7/readme.txt if anything is different investigate further.

and

https://domain.com/wp-content/plugins/display-widgets/geolocation.php

That should be a 404 error page unless you uploaded the 2.7 plugin files using FTP, if you uploaded via FTP I suggest deleting the entire /display-widget/ directory and upload a new one (from the clean 2.7 zip file) so it is 100% safe.

If you get a PHP error loading the geolocation.php file similar to:

"Fatal error: Call to undefined function add_filter() in /home/####/public_html/#####/wp-content/plugins/display-widgets/geolocation.php on line 243"

You might still be running the 2.6.* code (or see above about FTP).

Wild Speculation Warning Start….

The hacker could have modified the WordPress upgrade process on some sites to stop normal upgrades, but set the hack to show v2.05 as the hacker wouldn’t have known in advance if the plugin team were going to go with downgrading to v2.05 (keeping the version number) or going with another version (2.7, 2.7.0, 3.0.0 etc…).

If I were a hacker that would have been my approach, guess what the plugin team would do (v2.05 would be a logical choice) and add a contingency to stop the v2.6.* code from being removed by renaming it v2.05 when the upgrade process kicks in.

To check this see if there’s a geolocation.php file within the /display-widgets/ directory AFTER running the WordPress plugin upgrade process.

Wild Speculation Warning End….

IMHO there should have been a forced security upgrade to v2.7 on all sites, there will be tens of thousands of users who won’t upgrade for days/weeks/months/ever.

[removed]

• This reply was modified 7 years, 5 months ago by Ipstenu (Mika Epstein). Reason: Don't sign posts, David

David, stop signing your posts. We can see who you are, and we’ve asked you to stop this before.

As paradoxical as this sounds, please don’t direct link people to the zip. We DO NOT want people downloading and using this. If you’re using it, upgrade. If you’re not, don’t start. The plugin is done. I recommend you use Widget Visibility in Jetpack – https://jetpack.com/support/widget-visibility/

I do not know whats going on, but wordfence published a report which had a lot of alarming details. If the plugin is sold already, its likely that the original owners have no control over it. I am pretty scared by what sort of spam it must have been causing.

I seem to be getting 2.05 when I try to update via the dashboard as well:

Here’s a screenshot of the update details: https://i.imgur.com/shVL1Dj.png

Checking the files on the server shows the same: https://i.imgur.com/l0stCF8.png

• This reply was modified 7 years, 5 months ago by Matt. Reason: Forgot to subscribe

I am still seeing an issue after updating to 2.7. After the update successfully installs if you reload the plugin page — it says you need to update to 2.7 again. Tried several times to run the update — continues to say I need to update.

https://cl.ly/0Q2b2V0D2L2A

I don’t use Jetpack because I think it’s silly to have to get a .com account for each client just so I can use it on a client’s site. All the logins. Widget Options, in the Repo, is very similar to Display Widgets, and doesn’t contain malicious code. And you don’t need to get a .com account to use it.

• This reply was modified 7 years, 5 months ago by mscwebmaster.
• This reply was modified 7 years, 5 months ago by mscwebmaster.

@ashumbf – The current version (2.7) is safe. The plugin review team has scrubbed it. That said, I would;dn’t recommend you keep using it, and instead find a replacement. The original dev sold it to an unscrupulous person ??

@mzak – That actually shows a download of 2.05 NOT 2.7 which is interesting. It should give you a different URL.

However. Since you have that version, you’re safe to leave it as is and manually edit the file to have 2.7 as it’s version.

@otto42 may know why the wrong version is showing like that. It may be server caching.

• This reply was modified 7 years, 5 months ago by Ipstenu (Mika Epstein).

I will investigate this. It seems likely that you’re getting the wrong version for some caching reason. However, 2.05 is safe as well. No need for concern here.

@ipstenu
“David, stop signing your posts. We can see who you are, and we’ve asked you to stop this before.”

As far as I’m aware I haven’t been “asked to stop this before”.

Very strange rule, you can’t add your name (like David or David Law) to the end of a comment!

You might want to add that rule here: https://codex.www.ads-software.com/Forum_Welcome#Signatures which says nothing about not using your name.

Signatures

Using your www.ads-software.com profile for advertisement in posts unrelated to your themes and plugins is discouraged. This includes signature links and URLs in display names.

As requested I will no longer link to the 2.7 zip file from this forum, again weird as it’s public info and means those wanting to do a manual update via FTP, can’t!

After this post I’ll be unsubscribing from the Display Widgets forum and leave it to you to sort out the support mess.

Serious side note: @solvingissues Following moderators to their home site to complain (and using bogus email addresses, nice touch) will get you blocked here on www.ads-software.com too.

If you want to contribute, please do. But harassment will get you into real trouble.

@ipstenu
1. I ran the update on 6 different sites on 6 different servers. After updating all 6 sites reported there was a new update for this plug-in , so I ran it again and again. The solution was manually changing the version number as explained above. Which I did on all 6 sites.
2. I am no fan of jetpack which you mentioned somewhere, it is bloatware i.m.h.o.
3. I received your mail that I should not sign my posts? Or did I actually misread something

Vixen

3. I received your mail that I should not sign my posts? Or did I actually misread something

Yes. Please refrain, it’s not necessary and signatures is prohibited.