All about Microblogging
Possible security breach forces WordPress.org to reset passwords
WordPress.org is going to force users/already has forced users to change their passwords after several popular plugins were hacked.
Earlier today the WordPress team noticed suspicious commits to several popular plugins containing cleverly disguised backdoors.
Said WordPress in this blog post.
We determined the commits were not from the authors, rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavory.
According to WordPress the plugins hacked were AddThis, WPTouch, and W3 Total Cache, however there are over 15,000 WordPress plugins so more may have been compromised.
To ensure safety Wordpress is force resetting all passwords on sites that use WordPress.org, the PHP script you install into your own hosting service. This does not effect us as WordPress.com was not hit this time, unlike back in April.