Top Posts & Pages Widget
[resolved] Link Hijacking (4 posts)

  1. Jason Kemp
    Posted 2 years ago #

    Have noticed on a couple of sites that the list of links gets hijacked in part. Had a quick look inside the plugin to see if it has been compromised but nothing obvious.

    What happens is that the most popular posts on the site display an external link when you hover over. This is a reverse Seo kind of thing that happens in the pharma hack.

    Somewhere there is a look up table that takes selected top posts / aliases them to an look up table ( but where) and displays those. Has happened on 2 sites now - one is running 2010 them and the other a woo theme. A succuri scan shows nothing and looking at the plugin code also nothing. Because this plugin looks back at jet pack stats that is another linkage but assuming there is nothing bad there. Potentially though because there is a stats table and a link back to this plugin - there might be a extra hijack table being inserted somewhere.


  2. WaltB
    Posted 2 years ago #

    I just had the same thing happen. I installed this plugin to compare it to the built-in Top Posts & Pages widget, and all of my top posts links were immediately hijacked. Fortunately deleting the plugin and clearing the cache seems to have fixed it.

  3. Bauke
    Posted 2 years ago #

    Same here. Seems like the stats of JetPack are vulnurable to tracking clicks of no-matter-what-domain... Hope this gets fixes soon, as the popular-posts plugin is useless now

  4. Jason Kemp
    Posted 2 years ago #

    I replaced top-posts by using
    WordPress.com Popular Posts Version 2.6.0 | By Frasten

    however that one has now been abandoned even though it works fine for now.

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Top Posts & Pages Widget
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic