Security Alert: WordPress Plugins Hacked & WordPress.org Resets All Passwords

On Tuesday 21st June, WordPress.org found that several popular plugins in its WordPress plugin repository had been hacked.

Almost every WordPress website uses plugins from this repository, so this attack could expose tens of thousands of websites, and all their website visitors, to an enormous security risk.

Hackers had modified several popular plugins to give themselves full access to any website using the modified plugins, and have presumably gained access to the passwords of some, or possibly all, WordPress.org users.

If you have a WordPress website, please read this post for advice on how to keep it secure, and also refer to WordPress.org.

What To Do If You Installed or Updated a WordPress Plugin Recently

If you installed or upgraded a WordPress plugin recently, certainly since Tuesday 21st June (inclusive), it may contain a ‘backdoor’ giving hackers full access to your WordPress website.

In this case, you must:

  • Immediately disable the plugin (or downgrade to an earlier version) and then change all your admin level passwords. WordPress.org say that only three plugins are affected and you can simply update them to restore the safe versions (see “Latest Information” below for a link).
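To find out which plugins on a site were installed or updated on or after the cutoff date, the following added example (not part of the original post or WordPress.org's guidance) lists every plugin whose files changed since a given day. The plugin directory path and the cutoff date, including the year, are supplied by the caller and are assumptions here.

```python
import os
import sys
from datetime import datetime


def newest_mtime(path):
    """Return the most recent modification time (epoch seconds) under path."""
    latest = os.lstat(path).st_mtime
    if os.path.isdir(path) and not os.path.islink(path):
        for root, dirs, files in os.walk(path):
            for name in dirs + files:
                try:
                    latest = max(latest, os.lstat(os.path.join(root, name)).st_mtime)
                except OSError:
                    continue  # unreadable entry: skip it, keep scanning
    return latest


def plugins_changed_since(plugins_dir, cutoff):
    """List (plugin, newest change) for plugins touched on or after cutoff.

    Each top-level entry of plugins_dir is treated as one plugin, whether it
    is a directory or a single .php file.
    """
    hits = []
    for entry in sorted(os.listdir(plugins_dir)):
        changed = datetime.fromtimestamp(newest_mtime(os.path.join(plugins_dir, entry)))
        if changed >= cutoff:
            hits.append((entry, changed))
    return hits


if __name__ == "__main__":
    # Assumed usage: python check_plugins.py /path/to/wp-content/plugins YYYY-MM-DD
    # Midnight of the given day is the cutoff, so that day itself is included.
    cutoff = datetime.strptime(sys.argv[2], "%Y-%m-%d")
    for name, changed in plugins_changed_since(sys.argv[1], cutoff):
        print(f"{changed:%Y-%m-%d %H:%M}  {name}")
```

Modification times only show which plugins to review and disable first. They can be altered by whoever has write access, so an empty result does not prove a plugin is clean.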

What Every WordPress Website Owner Must Do

If you have a WordPress website you probably have an account on WordPress.org, and if so, your WordPress.org password may now be known to hackers.

  • If you use the same password anywhere else, you must change it on those services or systems, or they may be accessible to hackers.

Re-using passwords is a bad idea and unnecessary. For an easy way to have different, easily remembered passwords for every website you use, see my advice on password security.

Note: WordPress.org have forced a reset of all their users' passwords, so you will be forced to change yours on WordPress.org.

Latest Information

To keep updated, either leave a comment below, visit and ‘Like’ my Facebook page, or follow my Twitter page.

Here’s the announcement from WordPress.org
