WordPress.org Forces Password Resets Due To Compromised Plugins

Published by pratyushkp on June 22nd, 2011 - in Social, Technology

Image via Wikipedia

WordPress.org has just posted the following on its blog:

“Earlier today the WordPress team noticed suspicious commits to several popular plugins (AddThis, WPtouch, and W3 Total Cache) containing cleverly disguised backdoors. We determined the commits were not from the authors, rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavory.”

According to founder Matt Mullenweg, WordPress .org has decided to reset all WordPress.org, bbPress.org and BuddyPress.org passwords, because of suspicious activity surrounding popular plugins AddThis, WPTouch and W3 Total Cache.

WordPress.org users who try to log in to WordPress.org forums, use trac, or who try to commit to a plugin or theme will receive the following message, “On June 21, 2011, we reset all passwords, so you’ll need to request a new one if you haven’t already.” Mullenweg tells me that the password change will affect the couple of million people who login into WordPress.org.

Mullenweg tells me that WordPress.org itself was not hacked, but that some plugins author accounts were and that the hacks have the potential to affect anyone who downloads these plugins from WordPress.org. “There are 15k plugins so happens sometimes,” Mullenweg said. “We haven’t pissed off LulzSec yet. ”

Source :- http://techcrunch.com

  • WordPress Hit With Backdoor Attack, Force Resetting User Passwords (techie-buzz.com)
  • Security Alert for AddThis WordPress plugin (addthis.com)
  • Video Instructions For Setting Up A WordPress.org Blog Part 2 (tibmarketing.wordpress.com)
  • Add Custom Design, Edit CSS, Fonts in WordPress.com (madrasgeek.com)
  • WP Review Site Plugin Review (tjantunen.com)
  • Don’t Let WordPress 3.2 Break Your Website: Make Sure You Have MySQL 5 and PHP 5.2.4 (pressography.com)


Powered by Facebook Comments

3 Responses

  1. Wordpress Blog on: WordPress.org Forces Password Resets Due To Compromised Plugins | MiloRiano: Computers news, tips, guides... says:

    [...] Originally posted here: WordPress Blog on: WordPress.org Forces Password Resets Due To Compromised Plugins [...]

  2. Monte Oakden says:

    Hello this is amazing site! really cool and it will be a new inspirations for me

  3. Gabriella says:

    This post is very usefull thx!

Leave a Reply to Gabriella Cancel reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes:

© Social Media Blog