WordPress plugins hack forces password reset

A hacking attack through Wordpress plugins has forced the blog service to reset passwords.

Wordpress home page

WordPress has admitted it fell victim to a hack attack earlier this week, forcing the popular blogging site to reset user passwords as a precaution.

On its own blog page WordPress said members of its team noticed several popular plugins acting strangely. Following an investigation, these plugins were found to be compromised and using "cleverly disguised backdoors."

"We're still investigating what happened," said Automattic founder Matt Mullenweg, on behalf of the Wordpress team.

"We've decided to force-reset all passwords on WordPress.org. To use the forums, trac, or commit to a plugin or theme, you'll need to reset your password to a new one. (Same for bbPress.org and BuddyPress.org.)"

Mullenweg said WordPress determined that the offending plugins' behaviour had not originated from their original authors. The WordPress team has "rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavory," he said.

AddThis, WPtouch, or W3 Total Cache were singled out as having been compromised and WordPress said anyone who uses these plugins should update to the latest clean version to be on the safe side.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

Top US credit unions have multiple web app security problems
cyber security

Top US credit unions have multiple web app security problems

15 Apr 2021
1Password targets enterprise customers with Secrets Automation
IT infrastructure

1Password targets enterprise customers with Secrets Automation

14 Apr 2021
PowerShell threats increased over 200% last year
cyber security

PowerShell threats increased over 200% last year

14 Apr 2021
FBI shuts down web shells in hacked Exchange servers
cyber security

FBI shuts down web shells in hacked Exchange servers

14 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget
Mobile Phones

Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget

13 Apr 2021