I had 7 sites hacked today using YellowPencil (each site was redirected to random malware-installing sites in North Korea, Russia, etc.) I have deactivated the plugin to stop my viewers and clients from being hacked via their browser. Hopefully you can put a fix out soon? Dreamhost mass-deactivated the plugin on all their servers because they were suddenly flooded with calls.
Yeah, any CSS changes will still be there, you just update and reactivate (once they have a fix up.)
UNLESS, of course, they say to pull the entire plugin first, then install a new version (but even then, it should pick up the CSS modifications you made with the previous versions.)
Great thanks Brian! Guessing that without the plugin activated the CSS changes will not be active as well? Or do the CSS changes made stay in place but without the ability to adjust. I have a site that has A LOT of CSS adjusted through YellowPencil so I am nervous to deactivate. Thanks for any knowledge you have!
1. Disable plugin and deal with a messy website until they fix the situation
OR
2. Don't disable plugin and deal with website occasionally being directed to weird websites (I figured out how to fix this but it only works for a temporary time. I fixed this morning and when I went back on this evening, my URL was redirecting me to a different dodgy website... whoever is hacking seems to keep updating/refreshing things.)
"@michelskovbo before you deactivate it, export the CSS using Yellow Pencil’s export function, and then you can re-add that CSS back to your theme with the Simple CSS plugin.
That will keep your past changes intact, though you’ll need another solution for visual editing in the future. I’d recommend CSS Hero or Microthemer."
You need to export the CSS, put the exported CSS in the site CSS file, THEN deactivate and DELETE the plugin. If you cannot get into the Admin then you need to go to your PHPMyAdmin and for to the wp_options table and reset your HOME and SITE url in that table.
We fixed these bugs and updated the plugin. The plugin is not available in CodeCanyon and WordPress.org for now but this will available in the coming hours. You can download the latest version from this link and update the plugin manually.
- Go to your phpmyadmin dashboard - On the left of the screen click on your database - In that section search for wp_options and click on that - Change the URL back to your own site URL
Now you should be able to login back in to your admin dashboard of your site
Hey there! Your plugin has been hacked just like Yuzo Related Posts plugin! Are you guys gonna work on a patch to fix this?
Below is a link with more info:
1. https://blog.sucuri.net/2019/04/attacks-on-closed-wordpress-plugins.html
I had 7 sites hacked today using YellowPencil (each site was redirected to random malware-installing sites in North Korea, Russia, etc.) I have deactivated the plugin to stop my viewers and clients from being hacked via their browser. Hopefully you can put a fix out soon? Dreamhost mass-deactivated the plugin on all their servers because they were suddenly flooded with calls.
Any idea what happens to the code when you disable or deactivate the plugin? Does it save for when I re-activate?
Cheers,
Thomas
Yeah, any CSS changes will still be there, you just update and reactivate (once they have a fix up.)
UNLESS, of course, they say to pull the entire plugin first, then install a new version (but even then, it should pick up the CSS modifications you made with the previous versions.)
Enjoy!
Brian
Great thanks Brian! Guessing that without the plugin activated the CSS changes will not be active as well? Or do the CSS changes made stay in place but without the ability to adjust. I have a site that has A LOT of CSS adjusted through YellowPencil so I am nervous to deactivate. Thanks for any knowledge you have!
Cheers,
Thomas
If you disable the plugin, the CSS that was done with Yellow Pencil also gets removed.
Ok so guessing there are only two options:
1. Disable plugin and deal with a messy website until they fix the situation
OR
2. Don't disable plugin and deal with website occasionally being directed to weird websites (I figured out how to fix this but it only works for a temporary time. I fixed this morning and when I went back on this evening, my URL was redirecting me to a different dodgy website... whoever is hacking seems to keep updating/refreshing things.)
Found a solution for those concerned out there:
"@michelskovbo before you deactivate it, export the CSS using Yellow Pencil’s export function, and then you can re-add that CSS back to your theme with the Simple CSS plugin.
That will keep your past changes intact, though you’ll need another solution for visual editing in the future. I’d recommend CSS Hero or Microthemer."
You need to export the CSS, put the exported CSS in the site CSS file, THEN deactivate and DELETE the plugin. If you cannot get into the Admin then you need to go to your PHPMyAdmin and for to the wp_options table and reset your HOME and SITE url in that table.
Well that explains why, when I went to update it after an email from Envato, it was no longer available. What a pain.
How to export the CSS?
Something is preventing me from exporting
Hi There,
We are sorry about this vulnerability...
We fixed these bugs and updated the plugin. The plugin is not available in CodeCanyon and WordPress.org for now but this will available in the coming hours. You can download the latest version from this link and update the plugin manually.
If you need more help, please check this page.
Best Regards,
WaspThemes Team
@Marko
- Go to your phpmyadmin dashboard
- On the left of the screen click on your database
- In that section search for wp_options and click on that
- Change the URL back to your own site URL
Now you should be able to login back in to your admin dashboard of your site
We have released security update and you can download it here - https://yellowpencil.waspthemes.com/docs/important-security-update/
Sorry for inconvenience!
Best regards,
WaspThemes team
And don't forget to rate our plugin, it means a lot to us!
Hooray! Thank you for the quick fix and response.
Have a great day!
Best regards,
WaspThemes team
And don't forget to rate our plugin, it means a lot to us!