Pinterest Stumbleupon Whatsapp
Ads by Google

WordPress has disclosed that several plugins available on the popular blog-hosting site have been unveiled as malware. The problem stems from three very popular tools – AddThis, WPtouch How To Make Your Wordpress Blog Mobile-Friendly With WPtouch How To Make Your Wordpress Blog Mobile-Friendly With WPtouch Read More and W3 Total Cache 3 Ways The W3 Total Cache Plugin Can Speed Up Your Wordpress Blog 3 Ways The W3 Total Cache Plugin Can Speed Up Your Wordpress Blog Read More – which were found to contain disguised backdoors. According to WordPress How To Move Your Wordpress Blog To Another Host How To Move Your Wordpress Blog To Another Host Read More , these plugins were compromised without the knowledge of their authors.

As a precautionary measure, the site has force-reset all passwords. This means that users will have to request a new password using the standard process on their next login attempt. The organization also advised that anyone using the infected plugins 5 Essential Wordpress Plugins & Services for Business Blogs 5 Essential Wordpress Plugins & Services for Business Blogs Read More should update them immediately to obtain a safe copy.

Although WordPress.org was quick to take precautionary measures to safeguard its own hosted blogs, it has no way to force users running the self-hosted version of the blog software to take the same steps. Anyone running the software should check to see if they’re using any of the infected plugins and, if so, update them as well as reset their blog’s administrative passwords.

Matt Mullenweg, founder of the blog site, stated that an investigation is underway to discover how the plugins became infected and made their way undetected onto the plugin database. In addition to this, the plugin database is being combed to ensure that no other plugins are infected.

Source: TechCrunch

Ads by Google

  1. Cell Travis
    June 25, 2011 at 5:36 am

    W3 Total Cache is one of the many WordPress plugins that bloggers use to speed up site/server response. Non-secure and outdated plugins are one of the most common reasons why WP sites tend to get hacked, and it's something I've seen in quite a few cases. The wp-admin login page is another area that should be secured. A plugin like 'Limit Login Attempts' can be useful here.

Leave a Reply

Your email address will not be published. Required fields are marked *