A screenshot of the settings control panel for AddThis, one of the plugins affected
(WEB HOST INDUSTRY REVIEW) -- Open-source blogging platform WordPress (http://www.wordpress.org/) reset passwords on Tuesday because of suspicious activity around plugins, according to a report by TechCrunch.
This announcement comes nearly two months after WordPress experienced a major DDoS attack. The attack caused disruptions for sites reliant on the platform for content, including TechCrunch.
According to the report, WordPress itself was not hacked but some plugins author accounts were.
WordPress founder Matt Mullenweg said in a blog post that after noticing the suspicious activity to plugins AddThis, WPtouch and W3 Total Cache, he decided to force-reset all passwords.
Mullenweg says the plugins contained "cleverly disguised backdoors."
"We determined the commits were not from the authors, rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavory," he wrote in the blog post.
WordPress users who want to contribute to forums, trac or commit to a plugin or theme need to reset their password.
According to TechCrunch, the password change will affect a couple million people.
Mullenweg says WordPress is still investigating what happened and warns users to never use the same password for two different services.
Users of AddThis, WPtouch or W3 Total Cache should upgrade each to the latest version, Mullenweg says.
Article Source http://www.thewhir.com/web-hosting-news/062211_WordPress_Forces_Password_Reset_After_Suspicious_Activity_on_Plugins_Detected permits to republish here.
<<<<<<<<<<<<<
Click Most Updated Discount Coupon Codes & My Personal Web Hosting Recommendations
Click http://nightwishmarketing.web.officelive.com/WebHosting.aspx
Stay Tuned!
Click http://nightwishmarketing.web.officelive.com/WebHosting.aspx
Stay Tuned!
<<<<<<<<<<<<
