WordPress Forces Password Reset Due To Plugin Security Breach

WordPress posted about potential security breach of plugins on their blog today. They have found several disguised backdoors in popular plugins such as AddThis, WPtouch, and W3 Total Cache.

As a prevention of any possible security problem, all users of  WordPress.org are advised to to reset password. WordPress-powered blogs are not affected but WordPress.org forums, trac and code commits to plugins or themes will be affected.

For users who are using plugins mentioned above, they are supposed to visit the updates page and upgrade each to the latest version.

WordPress is investigating what happened. They have determined the commits were not from the authors, pushed updates to the plugins, and shut down access to the plugin repository while they looked for anything else unsavory.

According to Mashable, WordPress has been attacked for several times. The last attack, low-level root access breach was in April.

Add comment


No comments yet.