Posted June 22, 2011 by T3cH FR3@K in Blogging
 
 

Suspicious Activity appeared on Some Popular Plugins of WordPress



Yesterday WordPress team notified about the suspicious commits to several popular plug-ins (AddThis, WPtouch, and W3 Total Cache) were not posted by original the authors. They determined these commits as cleverly disguised backdoor.

They said:

We’re still investigating what happened, but as a prophylactic measure we’ve decided to force-reset all passwords on WordPress.org. To use the forums, trac, or commit to a plug-in or theme, you’ll need to reset your password to a new one. (Same for bbPress.org and BuddyPress.org)

wordpress logo 300x186 Suspicious Activity appeared on Some Popular Plugins of Wordpress

Mullenweg says WordPress.org itself is not hacked; Matt Mullenweg is a very young entrepreneur who is the mastermind behind WordPress.

 

What you have to do is just updates the plug-in, Change your one password to new one and shut down access to the plug-in repository while they looked for anything else unsavory. If you use AddThisWPtouch, or W3 Total Cache , make sure to visit your updates page and upgrade each to the latest version.

Note:  Never use the same password for two different services.

References: WordPress

 

If you like this post, then please consider re-tweeting it,sharing it on Facebook.

If you have any question, suggestion than writes in comment below.

 



AddThis disguised backdoors on wordpress plugins force-reset all passwords on WordPress.org Matt Mullenweg or W3 Total Cache compromised by hackers suspicious commits on wordpress WPtouch