Cinn's Road Trip is offline.

Another Wordpress/plugin casualty.


If you have the plugin “Yuzo Related Posts” installed on your Wordpress blog, you are guaranteed to be hacked. Apparently they are working through domains alphabetically, so mine was early in the list. You don’t have to believe me, do a search on the plugin’s name and see what’s happening out there.


Wordpress closed the plugin and announced the vulnerability publicly, before the 60,000 users of the plugin were notified. Hackers heyday! Five days AFTER websites started getting exploited, the developer (finally) recommended that everyone uninstall the plugin.


Wordfence has information on how to “clean up” the hacked Wordpress MySQL database, but it doesn’t work.


As a professional web designer/developer (and unix sys admin) for 24 years, who has never “lost” a website until now, I believe that such high-risk software (Wordpress and plugins) should be boycotted and banned by the web community — and made to clean up its act! The “vulnerabilities” are a proven hazard: not just for the site owner, but to site visitors as well.


Do you really want your subscribers and customers redirected to malware and spam sites? That’s what happens when your site is hacked. Do yourself and your site visitors a HUGE favor, and don’t use Wordpress.


If you are a new blogger: Consider a different platform other than the highly-hacked Wordpress, and save yourself a lot of lost time & work (and heartache). There are other choices.