27th June 2011
A quick warning to everybody that uses WordPress (which will be most of you ;-)). WordPress.org admitted that three popular plugins in their plugin repository have been, maliciously, replaced by hacked versions in the last 24-48h or so. The affected plugins are:
- Add This (social bookmarking)
- W3 Total Cache (caching)
- WP Touch (blog to iPhone application)
The full story can be found here at the official WordPress blog (link to story), here the summary for the impatient reader 😉
It seems that only the three plugins mentioned above are affected.
You are only at risk if you have updated the plugins in the last days or so, when the hack happened and you downloaded an infected / hacked plugin.
If that is the case, simply download / update NOW your plugins as the WordPress repository has been cleaned up and the versions available now are clean again.
You also have to reset your password for the WordPress.org site, as the guys there have done a ‘forced password reset’ to prevent further problems. If know of any news regarding this, especially on how the hacked plugins actually affected the sites, please leave them in a comment.
Many thanks to Scott from Liberty Web Marketing who alerted me first to the problem via a Facebook group that we are both members of. You see, social media can be damm useful 😉 Thanks Scott!
If you like this blog post and found it helpful, why not share it with your preferred social network? Handy links and bookmarklets above ^^^ 😉