The Yuzo Related Posts Plugin has been hacked! If you run a WordPress website and you have this plugin installed then you need to read this article. In fact, if you own any kind of WordPress website, then you need to be aware of this.
WordPress Websites Hacked With Yuzo Plugin
Our website and thousands of other WordPress websites have recently been hacked because of a vulnerability found within a very popular WordPress plugin, called “Yuzo Related Posts”.
The Yuzo Related Posts plugin is installed on thousands of WordPress websites, including ours at MMOZ! Recently it was sadly compromised, allowing hackers into thousands of websites.
If you use this plugin on any of your websites, you need to check them right away, because they will have been hacked!
What Is The Yuzo WordPress Plugin?
The Yuzo Related Posts plugin allows website owners to display related posts at the bottom of their website.
Due to a weakness within the plugin, hackers have been able to access every website with the plugin installed. And this hack may not be exclusive to Yuzo, there may well be others.
How Do You Know That You’ve Been Hacked?
If you have the Yuzo Related Posts Plugin installed on your website, then you will already have been hacked.
A small piece of code is added to your WordPress website causing every post and page that you have ever written to be redirected to spammy websites, pop-ups and malware sites.
WordPress.org had reports of this hack. You can read more about that here.
WordFence Also Reported This Hack:
Why We Removed The Yuzo Related Posts Plugin!
It would seem that thousands of website owners are currently having all of their website traffic diverted away from their site and sent to wherever the hackers want it to go. If you have the Yuzo plugin installed, then your website visitors could be redirected to a website that looks like this…
This is just an example. Your website might redirect to a completely different site. Thanks to a vulnerability within the Yuzo related posts plugin, your visitors could be redirected anywhere. And this problem doesn’t just affect the home page. The hack affects every page and post within your site.
Thankfully the solution to getting rid of the hack is pretty simple…
Thanks To Wealthy Affiliate Site Support
Wealthy Affiliate is home to thousands of WordPress websites, many of which will have been affected by the Yuzo hack.
Thankfully the Site Support Team at Wealthy Affiliate were quick to offer a solution to this problem.
Click The Image Below To Read The full Article On Wealthy Affiliate.
How To Rectify The Yuzo Hack
We contacted Site Support and they gave the following advice:
If you have the Yuzo plugin installed and you are currently experiencing issues with your site redirecting, then the first thing that you should do is disable the plugin.
Simply go to your WordPress dashboard and deactivate the Yuzo plugin.
Next, you need to delete your browser history, cache and temporary internet files.
Did This Article Help You?
If you have been affected by this hack please let us know your thoughts in the comment box below. Sharing your knowledge and thoughts with us helps other readers, so please get in touch!
To the author i say a very big thank you for shedding more light on how hackers operates and also how to keep my account safe. I have never heard of the Yuzo plugin and I don’t even have it installed on any of my WordPress sites. Thank God for that. I am very careful when it comes to website security especially when you have many sites using WordPress because it is a wonderful platform, hackers are going to try to hack it. And i am grateful i have an excellent support, such as Wealthy Affiliate tech support, your review has encouraged me to change my passwords regularly, hopefully that will keep my account safe.
Changing your passwords on a regular basis may well help. If you are with Wealthy Affiliate, they have a great security system running in the background to protect your site. But unfortunately it doesn’t stop attacks like the one that affected Yuzo because the hackers just get in through a weakness within the plugin. Sometimes these things just can’t be avoided. But we can try to take precautions!
I can only say that this article has opened my eyes and mind to take security features for my WordPress site seriously. It is a sad thing to experience what Yuzo went through. Those wicked hackers are just everywhere trying to steal one’s login details and data. This article is really informative and helpful. I have to share this with my blogger friends.
Thanks for sharing this article Brent! Much appreciated.
I appreciate this informative post. The Yuzo -related plug-ins has been around for some years and it is well known. it is unfortunate that hackers have exploited the vulnerability and install malicious code that makes the plug-in malfunction by re-directing users to different websites entirely. The best option as you rightly suggested is to disable the plug-in and I would suggest to run an anti-virus check
Hi there Tolu. I actually tried a couple of different malware and virus checkers on the website when we were effected but nothing was detected. The plugin has been around for a long time and up until now I don’t think there have been any issues. Hopefully this will be resolved pretty quickly.
A long time ago, I have installed Yuzo plugin in one of my old and abandoned website (there isn’t much traffic there). I forgot if I uninstalled the plugin of just deactivate it. Is it harmful even if I just leave it here? Do you have any recommendation for similar plugin that works like Yuzo? I hope they can fix it, but the attack looks so serious that I doubt anyone still want to use that plugin.
Hi there. If the plugin is installed on your website but it isn’t activated, then it shouldn’t harm your site. If the plugin is activated then it could be redirecting traffic to spam websites. So deactivating the plugin is the main thing, but you should also clear your Cache and History. Site Support also recommend flushing your DNS.
As for an alternative to the plugin, at this moment we don’t have a recommendation. This is something that we intend to look into, but related post plugins are renown for slowing down websites. Choosing the right one has to be done carefully.
Keep an eye open for updates!
This is a concise and informative blog post. You have thoroughly explained in details from different perspective for everyone digesting this post to understand the major points and tips shared in this article. I have experienced this too when my WordPress was hacked by the unknown set of people responsible for the Yuzo hack. I was able to conquer after removing the Yuzo plugin, just as you said. This is an eye opener and i wish all newbies can look into this too. I shall share this with my blogging pals.
Thank you Tracy.
Sorry to hear that the hack affected your website. But good to hear that you disabled the plugin!
Thanks for sharing my post.
Regards,
Andrew
I have never heard of the Yuzo plugin, and I don’t have it installed on any of my WordPress sites. Thank goodness!!
I am very keen on website security, and when you have as many sites using WordPress because it is an excellent platform, the bad guys are going to try to hack it. Besides having excellent support, such as the Wealthy Affiliate tech support, you need to work to protect yourself. Change passwords regularly; don’t use dictionary words or names for your passwords; and don’t use repeated letters or numbers for your password. You should also change your admin name. I had an old site where hackers kept trying and trying to hack it, but they never got the admin name.
Bottom line: be careful.
I couldn’t have said it better myself! Thank you for that.
Cheers,
Andrew
Early today I noticed my two websites on WordPress was hacked, I tried to login but I was getting Incorrect password. Thou I have login to my cpanel to enable some changes. I still can’t understand understand how hackers can easily buzz our websites. Please can you shed more light on it? How were they able to hack my both websites?? Was it the plugins I activated that actually caused it???
Sounds like you might have a different issue to that caused by the Yuzo plugin. This plugin hack causes your site to redirect traffic to another website. It doesn’t affect you logging into your site. That’s not to say that your website isn’t being compromised in some way. You need to contact your site admin, update everything and I would also recommend changing your WordPress dashboard password too.
This is a very worrying article, especially from my point of view, as I currently run and own five websites that are hosted on WordPress platforms!
I’m wondering how long this type of thing has been going on, and how many plugins in the past have been effected by this sort of hacking?
A really worrying state of affairs as most WordPress sites use several plugins…
Indeed it is! Unfortunately hackers can get in anywhere if they really want to. Plugins get attacked all the time, sometimes they get fix quickly whilst other times they don’t. Just make sure that you keep your websites up to date with the latest versions of all your plugins as well as keeping your theme up to date.
Thanks for writing out this lovely article and I must say its a must for every bloggers to read and digest.Im a newbie to blogging and I have little experience about WordPress. What are the possible ways to know if yuzo plugin is on my blog? What are the solution to rectify this withoit my blog been hacked?
I would love to read your reply about this. Thanks for the informative review. Regards
You would know if your website was affected as your site would be redirecting to somewhere else. Check in your list of installed plugins if you are not sure. Simply deactivate the plugin and clear your history as detailed in the article. If your site appears to be running normally then there should be no problem.
Reading this article has left me feeling confused. I’m not sure if I have this plugin or not? Was Yuzo a plugin that comes pre-installed within WordPress? I don’t think I have it but I’m worried that my site might be affected by the hackers. What should I do?
Is there a way that I can check my website?
Hi there. First of all, visit your own website and see if it redirects to another site. If your website appears normal, then you have nothing to worry about. Should your site redirect to an advertisement or spammy looking website, then you might have the hacked plugin installed.
Next, go to your WordPress dashboard and look for the “Yuzo Related Posts Plugin”. If you have the plugin then you might want to disable it. At this time its unknown if the issue will be resolved, so disabling the plugin is recommended.
I have heard about this WordPress plogin. Though I never knew it is such a weak plugin that hackers can easily use to bring disruptions to websites. But then, I want to know if the contents of the website can possibly disappear as a result of the hack or is it just mere disruptions that is always found when hacked.
The hacked plugin redirects your web traffic to their chosen website! They can basically hijack your traffic and send it where they want. It doesn’t do anything with the content of your site.
Thanks for sharing this great article, I appreciate you taking time and breaking it all down for us. This is great. I have sometimes used this plugin on my blog but I later removed it when I have to redesign my website. Thanks for the post I will share thus with my friend who is also a blogger. Thanks you have really imparted me.
You won’t be affected if you no longer have the plugin installed, so that’s good. Thanks for your input and thank you also for sharing my article!
Cheers,
Andrew
The internet is vulnerable hence whatever is done over it has the possibility of getting hacked. This Yuzo Related Posts Plugin hack should teach us a lesson and I know that a lot of other plugins would take quick action to tighten their security systems to make it even more difficult for an attack like this to hit them. Wealthy Affiliate always shows their professionalism and its great that they are helping their members through this.
I’m sure the guys behind the Yuzo plugin are working hard to fix this, and I’m sure it could happen to just about any plugin. Its a lesson to keep things updated as much as possible and we always do that. But no matter what you do, sometimes the bad guys get in. Its just a good job that there are a few good people working against them!
Hi Andrew,
Thanks for the timely alarm you are raising, and going out of your way to write an article on Yuzo Related Posts Plugin.
There’s a saying that, to be forewarned is to be forewarned. Now that I have been warned, I would take proper measures to protect myself from my end. I am also impressed that Wealthy Affiliate site support has swung into action to curb this dangerous online phenomenon. It makes me feel safe, that they are not taking this lying down.
Yes the Site Support team are very good. They were able to detect the problem within an hour of us reporting it.
Thanks for writing this article on yuzo related posts plugin hacked. I must commend you for a job well done for taking your time to explain this in details, is so unfortunate that this hack happened to many websites that make use of this yuzo plugin. But am grateful to Site Support Team at Wealthy Affiliate because my website will have been part of the affected websites.
If your website has been affected by the hack, you need to disable the plugin. Check out the Post on Wealthy Affiliate to learn how we dealt with the situation!
I’ve always wondered why sometimes I just couldn’t access a particular website that I had previously never had issues with. This is so beneficial to know, as I begin my own website and I am just learning about plug ins. Wealthy Affiliate looks to be the real deal. Thank you for commending them on a job well done.
Hi, yes sometimes websites can be hacked in this way but its not always the cause of being redirected. This hack is just affecting websites that have the Yuzo Related Posts plugin installed within their site.
WA is the real deal, yes! They helped us get to the bottom of this hack. They offer great training and have a fantastic community. If you want to learn a genuine way to make an online income, then WA is a must.
Hi I just joined WA to learn affiliate marketing and I can attest to it. I didn’t know that hackers could get into your site in this way. I’ll watch the plugins that I install.
There is lot more on it and I believe with a step by step procedure one can make something good out of it. I’m still building my site though and sure it’s a WordPress site and I had no idea of this hacking of yuzo. But I’m not sure I use this plugin, thanks for the information
If you have no problem with your website and you don’t use the Yuzo plugin, then you have nothing to worry about. Just look in the list of installed plugins on your WordPress dashboard if you aren’t sure.
Thank you very much for this update post. It is so unfair to have worked hard to gather information from different sources only to find out that the traffic on ones site has been diverted by some hackers. I personally feel stricter measures should be taken to protect our cyber spacespace.
Thank you once again for taking out time to share this helpful information.
Hey there. Hackers don’t care who they hurt some of the time. In this case I think the hackers were looking to make money by redirecting traffic to offers and spammy sites. Someone will be paying for a lot of traffic and these hackers are supplying it.
Thanks for dropping by!
Andrew