In association with heise online

22 June 2011, 10:58

Backdoor in popular WordPress plug-ins

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

WordPress Logo Following the discovery of a backdoor in three popular plug-ins, the developers of WordPress reset the passwords for and blocked access to all extension repositories while they "looked for anything else unsavory". It is still unclear how the backdoors got into the AddThis, WPtouch and W3 Total Cache plug-ins.

The Wordpress developers have determined that developers did not create the backdoors themselves; currently, it is assumed that attackers got hold of their account access data and manipulated the code in the repository. The operators of did not, however, say how the unidentified parties could have got hold of this access data, explaining merely that the case is still being investigated and that passwords have been reset to be on the safe side, including for the web sites and

The backdoors in the plug-ins are reported to be very well camouflaged. The WordPress developers have put the old versions without a backdoor back into the repositories. Anyone who uses these plug-ins and has updated over the past few days, should revisit the update web site and install the version currently offered. That should remove potential backdoors – unless attackers have already entered the system and set up additional access channels.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit