WordPress plugins hack forces password reset
A hacking attack through Wordpress plugins has forced the blog service to reset passwords.
WordPress has admitted it fell victim to a hack attack earlier this week, forcing the popular blogging site to reset user passwords as a precaution.
On its own blog page WordPress said members of its team noticed several popular plugins acting strangely. Following an investigation, these plugins were found to be compromised and using "cleverly disguised backdoors."
"We're still investigating what happened," said Automattic founder Matt Mullenweg, on behalf of the Wordpress team.
"We've decided to force-reset all passwords on WordPress.org. To use the forums, trac, or commit to a plugin or theme, you'll need to reset your password to a new one. (Same for bbPress.org and BuddyPress.org.)"
Mullenweg said WordPress determined that the offending plugins' behaviour had not originated from their original authors. The WordPress team has "rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavory," he said.
AddThis, WPtouch, or W3 Total Cache were singled out as having been compromised and WordPress said anyone who uses these plugins should update to the latest clean version to be on the safe side.
Unlocking collaboration: Making software work better together
How to improve collaboration and agility with the right tech
Download now
Six things a developer should know about Postgres
Why enterprises are choosing PostgreSQL
Download nowThe path to CX excellence for B2B services
The four stages to thrive in the experience economy
Download now
