Wordpress Infected With Malicious Software
WordPress, one of the best blogging platform available on the net has been infected with malicious software by hackers following which the blogging platform has requested all its users on WordPress.org to reset their passwords in order to safeguard their accounts from this attack.
This urgent need for resetting the passwords came in after 3 famous plugins were found to be containing "backdoors" which were disguised very smartly. This backdoor had been uploaded by unauthorized people and not by the genuine plugin authors claimed Matt Mullenweg, founder and developer of WordPress. These plugins have been restored back to their original versions as well as the plugin store has been shut down temporarily to scan it thoroughly for any additional unnoticed malware.
The plugins affected by this attack are "AddThis", "WPTouch" and "W3 Total Cache". All those bloggers who have made updates to these plugins in the past 48 hours, please uninstall them and update to a current version hosted on the WordPress.org site. As a precautionary measure, Mullenweg has advised all the users to change their password and update it to a newer one that doesn't bear any resemblance to the old password.
Mullenweg has not yet revealed how the hackers were able to breach the plugin repository and whether any action has been taken to prevent such breaches in the future. According to Sophos, this breach has affected only those users who are using WordPress.org whereas the users of WordPress.com platform which is governed by the firm Automatic remains unaffected. Even Automatic had been attacked by Hackers in April resulting in theft of sensitive code that belonged to the company and its partners.
Follow Technorati