WordPress.org asks users to reset passwords in the face of plugin security breach

WordPress.org Logo

It looks like all the hack-happy bands prowling the web are out for some more fun. Call it cyber-terrorism or something less sharp, WordPress.org is the latest to succumb to it. Accordingly, users are being forced to reset their passwords in the light of a potential plugin security breach.

It started with suspicious commits to AddThis, WPtouch, and W3 Total Cache being noted and detected as containing well-camouflaged backdoors. After determining that the commits did not originate from the authors, these were then rolled back. Updates were pushed to the plugins and access to the concerned repository shut off.

Those who want to use the forums, trac as well as commit to a theme or plugin will be required to reset their password to another one. The same holds good for bbPress.org and BuddyPress.org members too. The folks over at WordPress.org say they’re still investigating the issue even while enforcing these measures.