This article is to bring to the attention of those WordPress users who are unaware of a recent security alert by Matt Mullenweg on June 21, 2011. Basically, the alert involves the recommendation of a compulsory password reset for all users particularly those who use the same password for two or more services following the observation of suspicious commits containing cleverly disguised backdoors affecting some popular WordPress plugins by the WordPress team.
The affected WordPress plugins that have raised the security alert include AddThis, WPtouch and W3 Total Cache. Due to the suspicion that the commits were not from the affected plugins’ authors, there were rolled back, pushed to update, while access to their repository were shut down to make room for proper investigation. As a result of the ensuing investigation, the WordPress team decided to force-reset all passwords on WordPress.org. Therefore, users who intent to use the forums, trac, or commit to a plugin or theme, will now have to reset their passwords to a new one.
In addition to the password reset, users of the AddThis, WPtouch and/or W3 Total Cache plugines should check to confirm that they have upgraded to the latest versions from the updates page. Thus, the general advice is to always remember to reset your password occasionally and do not ignore updates whenever there are available.
Thanks for reading this article. If you're new here, why don't you subscribe for regular updates via RSS feed or via email. You can also subscribe by following @techsling on Twitter or becoming our fan on Facebook. Thanks for visiting!

20 Comments
Leave a Reply
Cancel reply
Leave a Reply
This site uses Akismet to reduce spam. Learn how your comment data is processed.
Marry
July 15, 2011 at 9:59 am
is it make the blog saver from the hacker..
Erin
July 16, 2011 at 1:22 pm
I love anything that helps my blog to stay safe from hackers!
Ellen
July 17, 2011 at 10:43 am
Thanks for the blog! I missed out on that warning! They should make some big warning in WP. I use those three plugins, so I hope I’m save. My site got hacked a few months ago, and took me a full day to get the site back running again, hope it never gonna happen again.
reeha
July 17, 2011 at 12:36 pm
Admin you are really fast to bring these latest updates to us. thanks for your awesome resources.
Darin Cunningham
July 17, 2011 at 5:28 pm
I often visit some of my favorite wordpress blogs but I’ve still not come across any blogs sharing this information. I’d definitely want to know more about this security alert. It’s getting more interesting exploring this blog.
Ira
July 18, 2011 at 5:41 am
Using the same password makes it easier to login in different accounts. But I guess its not really safe. Thanks for the heads up!
Mathilde
July 18, 2011 at 12:48 pm
Since I don’t use these plugins, I had no idea. But it’s always interesting to know, just in case. So thanks for the article. And I’m not really surprised, WordPress is a great, reliable tool !
Nawaz
July 18, 2011 at 5:21 pm
I am using wordpess on many sites but I was not known this update of WordPress.
jaust231
July 19, 2011 at 12:37 pm
really? wow.. I feel safer already..
Blue
July 19, 2011 at 1:31 pm
Very nice information, it really help me to protect my blogs to the hackers. I like your posts.
Thanks for the info.
jandelaria
July 20, 2011 at 12:06 pm
i appreciate all their efforts on keeping us safe.. nice job to them!
Raymund
July 22, 2011 at 2:49 am
This is a great reason why it is important to always install updates. Hackers are frightening me especially now that my personal blog is already big.
Stephanie
July 22, 2011 at 1:19 pm
I find updating wordpress quite a hassle, because sometimes it breaks my site. Good thing I used backup buddy so if anything goes wrong I can always go back to my previous setup.
Shah
July 26, 2011 at 9:39 pm
I have gone through some good plugin for this problem like WordPress secure login, CHAP Secure Login etc. But it is must to update your all plugin as soon as they are updated. Thanks for sharing and adding this post.
Chelsea
July 26, 2011 at 11:53 pm
I have 3 wordpress accounts… It’s annoying to have to change the passwords of each one. They all now have their own unique passwords.
robber
August 19, 2011 at 3:06 pm
I have used the wordpress for many years and I found if we install the wordpress correclty and make some wordpress plgine in use. Safe is not a problem. Most safe problem caused by the comment function,I close it usually.
Sandra
September 4, 2011 at 8:58 pm
Good to know. Will have to reset my password.
Thanks!
Jerryl
October 4, 2011 at 6:42 am
This is good news to all WordPress users. They will no longer about spamming and hacking since the security is even more better now than before.
Andy Walton
October 15, 2011 at 1:06 pm
I was completely unaware of this security alert, thanks a lot for bringing it to my attention. The advice to reset passwords occasionally is useful as well. Presumably the update was posted on the dashboard, but I never look at it. I’ll have to make a point of looking at it now and again.
Karen
December 29, 2011 at 9:46 pm
Oh, I hope that I am not too late to catch this update.