Suspicious Activity appeared on Some Popular Plugins of WordPress
Yesterday WordPress team notified about the suspicious commits to several popular plug-ins (AddThis, WPtouch, and W3 Total Cache) were not posted by original the authors. They determined these commits as cleverly disguised backdoor.
“We’re still investigating what happened, but as a prophylactic measure we’ve decided to force-reset all passwords on WordPress.org. To use the forums, trac, or commit to a plug-in or theme, you’ll need to reset your password to a new one. (Same for bbPress.org and BuddyPress.org)”
Mullenweg says WordPress.org itself is not hacked; Matt Mullenweg is a very young entrepreneur who is the mastermind behind WordPress.
What you have to do is just updates the plug-in, Change your one password to new one and shut down access to the plug-in repository while they looked for anything else unsavory. If you use AddThis, WPtouch, or W3 Total Cache , make sure to visit your updates page and upgrade each to the latest version.
Note: Never use the same password for two different services.
If you like this post, then please consider re-tweeting it,sharing it on Facebook.
If you have any question, suggestion than writes in comment below.