WordPress plugins hack forces password reset
By Paul Briden,
WordPress has admitted it fell victim to a hack attack earlier this week, forcing the popular blogging site to reset user passwords as a precaution.
On its own blog page WordPress said members of its team noticed several popular plugins acting strangely. Following an investigation, these plugins were found to be compromised and using “cleverly disguised backdoors.”
“We’re still investigating what happened,” said Automattic founder Matt Mullenweg, on behalf of the Wordpress team.
“We’ve decided to force-reset all passwords on WordPress.org. To use the forums, trac, or commit to a plugin or theme, you’ll need to reset your password to a new one. (Same for bbPress.org and BuddyPress.org.)”
Mullenweg said WordPress determined that the offending plugins’ behaviour had not originated from their original authors. The WordPress team has “rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavory," he said.
AddThis, WPtouch, or W3 Total Cache were singled out as having been compromised and WordPress said anyone who uses these plugins should update to the latest clean version to be on the safe side.
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
What is your password worth?
Would you be tempted to sell off company passwords for a fee? If not, seems like you're in the minority, acccording to research.
- Macs under attack?
- Intel: security inside
- Are you spending too much on IT security?
- Does the government want to snoop on your data?
- Eurocrats versus the cyber criminals
- The truth about spam
- Google and privacy: What’s the problem?
- Q&A: Symantec’s CISO on the source code hack
- RSA: Back from the breach?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: 
advertisement
Most popular
- UK regulator shuts down Angry Birds scam
- Apple iPad 3 vs iPad 2 head-to-head review
- IBM bans use of Siri on iPhones
- Chromebooks: What's gone wrong?
- HP plans massive job cuts
- EMC World 2012: Tucci declares Documentum is here to stay
- Dell EqualLogic PS6100XS review
- Macs and Android under malware threat
- RIM loses its head of sales
- Local fibre broadband needs common standards
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
PlayWe bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
