September 26, 2016

WordPress.org Force-resets All Passwords

WordPress.org has come under an unusual attack where hackers have attempted to upload new version of popular WordPress plugins with cleverly disguised backdoors. Once the WordPress team noticed these suspicious commits they rolled back the affected plugins, told the authors and shut down access to the plugin repository to check for anything else unsavory.

As a preventive measure the WordPress team have decided to force-reset all passwords on WordPress.org. To use the forums, trac, or commit to a plugin or theme, you’ll need to reset your password to a new one. (This also applies to bbPress.org and BuddyPress.org.)

Any users of AddThisWPtouch, or W3 Total Cache should upgrade each to the latest version to ensure you are not running a hacked version.