New! WordPress Security Alert

This article is for WordPress users who are unaware of a security alert issued by Matt Mullenweg on June 21, 2011. The alert recommends a compulsory password reset for all users, particularly those who use the same password for two or more services. It follows the WordPress team's observation of suspicious commits containing cleverly disguised backdoors affecting some popular WordPress plugins.

The affected WordPress plugins that raised the security alert include AddThis, WPtouch and W3 Total Cache. Because the commits were suspected not to be from the affected plugins’ authors, they were rolled back and updates were pushed, while access to their repository was shut down to make room for a proper investigation. As a result of the ensuing investigation, the WordPress team decided to force-reset all passwords on WordPress.org. Users who intend to use the forums, trac, or commit to a plugin or theme will therefore have to reset their passwords to a new one.

In addition to the password reset, users of the AddThis, WPtouch and/or W3 Total Cache plugins should check that they have upgraded to the latest versions from the updates page. The general advice is to reset your password occasionally and not to ignore updates whenever they are available.

20 thoughts on “New! WordPress Security Alert”

  1. Thanks for the blog! I missed out on that warning! They should make some big warning in WP. I use those three plugins, so I hope I’m safe. My site got hacked a few months ago, and it took me a full day to get the site back running again; hope it’s never gonna happen again.

  2. I often visit some of my favorite wordpress blogs but I’ve still not come across any blogs sharing this information. I’d definitely want to know more about this security alert. It’s getting more interesting exploring this blog.

  3. Using the same password makes it easier to log in to different accounts. But I guess it’s not really safe. Thanks for the heads up!

  4. Since I don’t use these plugins, I had no idea. But it’s always interesting to know, just in case. So thanks for the article. And I’m not really surprised, WordPress is a great, reliable tool!

  5. Very nice information, it really helps me to protect my blogs from the hackers. I like your posts.
    Thanks for the info.

  6. This is a great reason why it is important to always install updates. Hackers are frightening me especially now that my personal blog is already big.

  7. I find updating wordpress quite a hassle, because sometimes it breaks my site. Good thing I used backup buddy so if anything goes wrong I can always go back to my previous setup.

  8. I have gone through some good plugins for this problem like WordPress secure login, CHAP Secure Login etc. But it is a must to update all your plugins as soon as they are updated. Thanks for sharing and adding this post.

  9. I have 3 wordpress accounts… It’s annoying to have to change the passwords of each one. They all now have their own unique passwords.

  10. I have used WordPress for many years and I found that if we install WordPress correctly and put some WordPress plugins in use, safety is not a problem. Most safety problems are caused by the comment function; I usually close it.

  11. I was completely unaware of this security alert, thanks a lot for bringing it to my attention. The advice to reset passwords occasionally is useful as well. Presumably the update was posted on the dashboard, but I never look at it. I’ll have to make a point of looking at it now and again.
