Microblogging News

All about Microblogging

Possible security breach forces WordPress.org to reset passwords

WordPress.org is going to force users/already has forced users to change their passwords after several popular plugins were hacked.

Earlier today the WordPress team noticed suspicious commits to several popular plugins containing cleverly disguised backdoors.

Said WordPress in this blog post.

We determined the commits were not from the authors, rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavory.

According to WordPress the plugins  hacked were AddThis, WPTouch, and W3 Total Cache, however there are over 15,000 WordPress plugins so more may have been compromised.

To ensure safety Wordpress is force resetting all passwords on sites that use WordPress.org, the PHP script you install into your own hosting service. This does not effect us as WordPress.com was not hit this time, unlike back in April.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: