Why, Social Media Widget? Why?
I’m sure many of you coming here are coming here because you’ve been linked to this site because of the recent news about Social Media Widget being injected with malicious SEO Spam code for Pay Day Loans as featured at Sucuri.
I occasionally look into how SMW is doing since I sold it in January of this year. This morning I decided to look at the support forums to see if I could help anybody with any issues they were having when I noticed that I was getting a “not found” error where the plugin originally was, so I got in touch with the new maintainer and he informed me it had been pulled from the repo because of various issues. Well, he didn’t explain to me how serious it was. I was looking around and came across the Securi article that had already been making rounds in all of the social media sphere.
I was aghast at the extent of the problem. I thought it was something as silly as the new maintainer using a CDN to deliver links or scripts without letting the users know about it. Nope… SEO Spam. It’s clear from the article that this was put in the code on purpose. The only question is who put it there – the new maintainer, or a freelancer that the new maintainer hired – but to me, it doesn’t matter.
The SMW legacy is now in shambles. I desperately found every site that referenced this stuff and cleared my name and distanced myself as far away from the plugin as I could. I went to Twitter and let all of the loyal fans I had and let them know what was going on so they could remove social media widget.
It’s only been 4 months since I’ve sold the widget, and I’ve still been receiving e-mails, tweets, and phone calls regarding SMW, so clearly not everybody knows that it had switched hands. I have several other plugin ideas for WordPress but because of all of this SEO Spam business, I’ve lost the desire to do it – at least until this all blows over – because I’m afraid people will say “Oh, Brian Freytag, that guy that did Social Media Widget; didn’t that thing have malware? We’d better avoid that one.” I’m severely disappointed by all of this and am actually apologetic for it. Not because I had anything to do with the injection, but because I gave up on it, sold it, and in the end people ended up getting burned by it. It’s like if I had a kid that stole stuff from a convenience store. I’m not the one that stole it, but I’m still sorry that my kid was the one that caused you grief.
This post is to completely separate myself from Social Media Widget. I am backing away from its legacy. I’m banishing it from my name. I will no longer provide support for it (I still gave help when people mistakenly e-mailed me instead of the new maintainers). I’ll no longer “check up on it” to see how its doing. I’m just done with it.