It may be necessary to change password on WordPress.org!!!!


 

Potential Plugin Security Breach Forces WordPress.org To Reset Passwords

WordPress.org is forcing users to reset their passwords after several popular plugins were compromised by hackers.

“Earlier today the WordPress team noticed suspicious commits to several popular plugins containing cleverly disguised backdoors,” Automattic founder Matt Mullenweg said in a blog post. “We determined the commits were not from the authors, rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavory.”

Mullenweg says that AddThis, WPtouch and W3 Total Cache were the plugins that were compromised in the attacks.

As a precautionary measure, WordPress.org is force-resetting all passwords on WordPress.org. This doesn’t affect WordPress-powered blogs, but does affect WordPress.org forums, trac and code commits to plugins or themes.

This isn’t the first time WordPress has been targeted by hackers; WordPress.com (owned by Automattic and separate from WordPress.org) was the victim of a low-level root access breach in April.

One thought on “It may be necessary to change password on WordPress.org!!!!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s