GoDaddy Managed WordPress Hosting Blacklists NextGEN Gallery Plugin – Here’s how to fix it

August 31, 2019 / Cami MacNamara
design-desk-eyewear-313690

To my surprise this morning, I got three emails for client sites from GoDaddy letting me know that there was a major security issue with NextGEN plugin 3.2.10 (+ earlier versions), that it was blacklisted and was conveniently being removed from the client hosting accounts. It even went so far as to say, “You’ll be better off without it”.

But, NextGEN is a well-supported, widely used plugin with 900K downloads and dozens of my clients rely on it for their photo galleries. Most of these galleries are used as portfolios for contractors, designers, artists, and real estate agents.

Making this even more strange, is that the newest version is out and available to update and fix the issue. Despite the perplexing reason why this decision was made, I had to spring into action and get the site galleries working again for my care plan clients. I thought I would share how I did it so I might be able to save others time.

After posting in the WordPress.org forum about this, the CEO of Imagely reached out that all we needed to do was simply upload the new version, NextGen 3.2.11. Download here.

I quickly found that there might be a few steps needed.

Login to the client site that has a NextGen gallery on Manage WordPress hosting at GoDaddy.

If you see this message in your WordPress dashboard, you know that GoDaddy has detected the plugin and removed it (maybe):

Now, upload the new version of NextGen 3.2.11.  If that goes smooth, you are good.  If you get the message below, there is more work to do:

Nexgen removed from GoDaddy hosting

This means that the 3.2.10 plugin wasn’t completely removed and still exists in your directory.

You will then need to SFTP into your website and delete the nextgen-gallery plugin by selecting and deleting it. Do not delete the nextgen-gallery-pro!

Lastly, can then go back to your dashboard and upload the new version (3.2.11) to your WordPress website.

And your final result should be this:

One final check to make is to see if there are any additional Imagely updates showing up under Dashboard->Updates in your menu.

I’m still working on listing all the clients that have been affected.  I’ll be ready when those that I missed reach out to me.  Good luck!

Resources:  Fortinet – Multiple WordPress Plugins SQL Injection Vulnerabilities

 

 

Cami MacNamara

Cami MacNamara has 20+ years of experience running a small, profitable, one-person web design business, so she can walk her dog whenever she likes. WebCami.com / Twitter / Instagram