WordPress plugins hack forces password reset

A hacking attack through WordPress plugins has forced the blog service to reset passwords.

WordPress has admitted it fell victim to a hack attack earlier this week, forcing the popular blogging site to reset user passwords as a precaution.

On its own blog page WordPress said members of its team noticed several popular plugins acting strangely. Following an investigation, these plugins were found to be compromised and using "cleverly disguised backdoors."

"We're still investigating what happened," said Automattic founder Matt Mullenweg, on behalf of the WordPress team.

"We've decided to force-reset all passwords on WordPress.org. To use the forums, trac, or commit to a plugin or theme, you'll need to reset your password to a new one. (Same for bbPress.org and BuddyPress.org.)"

Mullenweg said WordPress determined that the offending plugins' behaviour had not originated from their original authors. The WordPress team has "rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavory," he said.

AddThis, WPtouch and W3 Total Cache were singled out as having been compromised, and WordPress said anyone who uses these plugins should update to the latest clean version to be on the safe side.
