According to a report from Sophos, WordPress announced that the source code of three plugins for its popular blog-hosting software (wordpress.org) had been maliciously modified. The WordPress team noticed suspicious commits to several popular plugins (AddThis, WPtouch, and W3 Total Cache) containing cleverly disguised backdoors. According to WordPress, the modified plugins were Trojanised to include backdoors.
WordPress advises its users never to use the same password for two different services, and not to reset a password to be the same as the old one. WordPress also says that if you use AddThis, WPtouch, or W3 Total Cache and there’s a possibility you could have updated in the past day, you should visit your updates page and upgrade each plugin to the latest version.
Web-based backdoors can be extremely dangerous. If you’re a WordPress user, you’ll know that the WordPress platform includes a complete and powerful administration interface, password-protected, via a URL such as “site.example/wp-admin”. A WordPress backdoor might offer something with similar functionality, but using a different, unexpected, URL, and using a password known to the hacker, instead of to you.
Plugins consist of add-in modules which you install on your WordPress server in order to implement additional functionality, instead of writing all the needed code yourself. Where you might use a DLL with a Windows program – for example, to add a feature such as SSL support or an edit control into an existing application – you’d use a plugin with WordPress. DLLs are usually written in a language such as C or C++ and compiled into native machine code; WordPress plugins are generally written in a mixture of JavaScript, PHP, HTML and CSS.
This attack doesn’t affect you or your users unless:
- You run your own installation of the WordPress platform.
- You use one of these plugins: AddThis, WPtouch, or W3 Total Cache.
- You updated your installed copy of one of those plugins in the past 48 hours from wordpress.org.
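
A triage sketch for the three conditions above, added here as an example and not taken from WordPress or Sophos: it lists files in the named plugins' directories that changed within the last 48 hours. The directory slugs (`addthis`, `wptouch`, `w3-total-cache`) and the standard `wp-content/plugins` layout are assumptions; the article gives only the plugin names.

```python
import os
import sys
import time

# Directory slugs are assumptions; the article gives only display names.
PLUGIN_SLUGS = {
    "AddThis": "addthis",
    "WPtouch": "wptouch",
    "W3 Total Cache": "w3-total-cache",
}
WINDOW_SECONDS = 48 * 3600  # the 48-hour window named in the article


def recently_updated_plugins(wp_root, now=None, window=WINDOW_SECONDS):
    """Return {plugin name: [relative paths modified inside the window]}."""
    now = time.time() if now is None else now
    plugins_dir = os.path.join(wp_root, "wp-content", "plugins")
    findings = {}
    for name, slug in PLUGIN_SLUGS.items():
        plugin_dir = os.path.join(plugins_dir, slug)
        if not os.path.isdir(plugin_dir):
            continue  # plugin not installed: condition 2 does not apply
        recent = []
        for dirpath, _dirs, files in os.walk(plugin_dir):
            for fname in files:
                path = os.path.join(dirpath, fname)
                try:
                    mtime = os.lstat(path).st_mtime
                except OSError:
                    continue  # file vanished or unreadable; skip it
                # Future-dated mtimes are also reported (negative age).
                if now - mtime <= window:
                    recent.append(os.path.relpath(path, plugin_dir))
        if recent:
            findings[name] = sorted(recent)
    return findings


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for plugin, paths in recently_updated_plugins(root).items():
        print(f"{plugin}: {len(paths)} file(s) changed in the last 48h")
        for p in paths:
            print(f"  {p}")
```

A hit means the plugin's files were written inside the window, not that a backdoor is present; upgrading each plugin to the latest version, as advised above, is still the remedy.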