WordPress plugins hack forces password reset

A hacking attack through Wordpress plugins has forced the blog service to reset passwords.

Wordpress home page

WordPress has admitted it fell victim to a hack attack earlier this week, forcing the popular blogging site to reset user passwords as a precaution.

On its own blog page WordPress said members of its team noticed several popular plugins acting strangely. Following an investigation, these plugins were found to be compromised and using "cleverly disguised backdoors."

"We're still investigating what happened," said Automattic founder Matt Mullenweg, on behalf of the Wordpress team.

"We've decided to force-reset all passwords on WordPress.org. To use the forums, trac, or commit to a plugin or theme, you'll need to reset your password to a new one. (Same for bbPress.org and BuddyPress.org.)"

Mullenweg said WordPress determined that the offending plugins' behaviour had not originated from their original authors. The WordPress team has "rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavory," he said.

AddThis, WPtouch, or W3 Total Cache were singled out as having been compromised and WordPress said anyone who uses these plugins should update to the latest clean version to be on the safe side.

Featured Resources

Humility in AI: Building trustworthy and ethical AI systems

How humble AI can help safeguard your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Leadership compass: Privileged Access Management

Securing privileged accounts in a high-risk environment

Download now

Why you need to include the cloud in your disaster recovery plan

Preserving data for business success

Download now

Recommended

Android apps still vulnerable to a major bug despite an existing patch
Google Android

Android apps still vulnerable to a major bug despite an existing patch

3 Dec 2020
20 Universities targeted by “Shadow Academy” hackers
hacking

20 Universities targeted by “Shadow Academy” hackers

3 Dec 2020
IBM: Hackers are targeting COVID-19 vaccine 'cold chain'
Security

IBM: Hackers are targeting COVID-19 vaccine 'cold chain'

3 Dec 2020
GitHub: Open source vulnerabilities can go undetected for four years
Security

GitHub: Open source vulnerabilities can go undetected for four years

3 Dec 2020

Most Popular

Samsung Galaxy Note might be discontinued in 2021
Mobile Phones

Samsung Galaxy Note might be discontinued in 2021

1 Dec 2020
Microsoft Teams no longer works on Internet Explorer
Microsoft Office

Microsoft Teams no longer works on Internet Explorer

30 Nov 2020
Sopra Steria cyber attack costs to hit €50 million
Security

Sopra Steria cyber attack costs to hit €50 million

26 Nov 2020