Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


WordPress Users Warned of Malicious Plug-Ins

WordPress lately cautioned each of its accountholders who used the company's software to remain watchful of three malevolent plug-ins that were associated with the content management application it provided, being possibly offered for taking down online from WordPress.org during a 24-hour or more period, thus published InformationWeek in news on June 22, 2011.

Essentially, WordPress is asking the clients to reset their passwords because it has discovered cunningly disguised backdoors within 3 widely-used plug-ins. Unauthorized people instead of legitimate authors reportedly, uploaded them, said founding developer Matt Mullenweg of WordPress. The Register published this in news on June 22, 2011.

Mullenweg further said that his company was still investigating the problem; however to take precaution it decided to forcibly make users change their passwords on WordPress.org. He added that for accessing the trac, forums, alternatively for linking up with a theme or plug-in, users must create a fresh password. GMA NEWS published this in news on June 23, 2011.

Says WordPress, the affected plug-ins are W3 Total Cache, WPtouch, and AddThis. For clients who've made any of them up-to-date during the past 48-hours it's advisable that they uninstall the same followed with upgrading to the latest edition that's being hosted on WordPress.org.

Significantly, plug-ins whether malevolent or not, keep on being responsible for a growing number of security flaws within software programs running on computers or within Web-applications like WordPress. With respect to WordPress, plug-ins, currently, are responsible for 80% of the entire security flaws within the application, states HP DVLabs. InformationWeek published this in news on June 22, 2011.

Moreover it is being further warned that like always, end-users mustn't utilize a common password for many accounts or websites for, though it may make things more convenient that way, it's not at all a secure method for safeguarding one's online identity.

Specifically, Mullenweg explained that when using 2 separate services, one must ensure for never utilizing an identical password; and it was advisable that while resetting a password, care should be taken that it wasn't an old one of the user. The Inquirer published this in news on June 22, 2011.

Related article: WordPress Discovers Crucial Vulnerability; Recommends End-Users to Load Update

ยป SPAMfighter News - 02-07-2011

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page