WordPress Malware Alert!
There is no such WordPress plugin named Simple Dimple, not by Cool Plugins or any other WordPress developer. There is a plugin name Cool Timeline by Cool Plugins, but if you did not physically install it on your site and it just appeared there, then it is malware!
FIRST!
Check your site(s) (or your client site(s)) on some type of Apple device; iPhone, iPad, MacBook, iMac or whatever other type of Apple device you or someone you know has.
This is important, because the malware does not reveal itself in browsers on Android devices or on Windows computers. I was only able to see it when using the Safari browser.
If any type of .TOP sites come up, then there is malware on your WordPress site.
This is also important, because I thought it was just one site that was popping up over my client's site, favoritespace.top, and then when I closed my browser and tried again another .TOP site popped up.
DO NOT CLICK ALLOW ON ANY SITE THAT SHOWS UP OVER THE SITE YOU INTENDED TO VISIT!
Cool Timeline is an actual plugin, but Simple Dimple is not a real plugin, nor is it a product of the Cool Plugins developer. I did check, and this is how I know Simple Dimple is neither really a plugin or a product of Cool Plugins. This leads me to believe that the developer has no idea that some ill-intentioned person or company has hijacked their brand. I have already reached out to them through their Code Canyon account.
I actually discovered this inadvertently when I noticed those two plugins on a client site yesterday. I thought maybe he was the one who put them there, because he does that from time to time. However, today I saw those same two plugins on another client's site. These clients do not know each other. They are not even in the same industry, and their site setup, as it concerns plugins, are totally different. I know this because I created both sites.
Ironically, one site was running the Wordfence plugin and the other site was not. So it doesn't appear to matter whether there is some sort of security plugin in place or not for your site to get hacked.
My suggestion is that if you see either Cool Timeline and/or Simple Dimple in your plugins list do not simply check them both and delete them. I have no idea what that might trigger.
Either (S)FTP in your File Manager or go to your File Manager via your hosting dashboard and manually remove the files. You won't actually see a folder for Simple Dimple, because it's not a real plugin, but you will see a folder for Cool Timeline.
There is also a file in the root folder of your WordPress install that needs to be deleted.
Shoot! I'm not finding the malware on any of my own sites or any more of my clients' sites, and I was so quick to get it off their sites that I didn't jot down the folder and file you need to look for and remove. Many apologies.
I can tell you, though, that if you have Wordfence as a security plugin on your WordPress site, then you can run a scan right now and the offending folder, file and file changes will come up in the scan. Had I not been so frantic to get my clients' sites cleaned, I would have thought to take some screenshots. Again, many apologies.
I'll keep monitoring my sites and my clients' sites to see if the issue comes back. Hopefully, not.
Subcribe to my weekly newsletter
Get video tutorials created specifically for your needs for your WordPress project(s).
