WordPress Users Warned of Malicious Plug-Ins
WordPress recently cautioned all account holders who use its software to watch out for three malicious plug-ins for its content management application, which may have been offered for download from WordPress.org for a period of 24 hours or more, InformationWeek reported on June 22, 2011.
Essentially, WordPress is asking users to reset their passwords because it has discovered cleverly disguised backdoors in 3 widely used plug-ins. The backdoors were reportedly uploaded by unauthorized people rather than by the legitimate authors, said WordPress founding developer Matt Mullenweg, as The Register reported on June 22, 2011.
Mullenweg further said that his company was still investigating the problem; however, as a precaution, it decided to force users to change their passwords on WordPress.org. He added that users must create a fresh password to access Trac or the forums, or to link up with a theme or plug-in, GMA News reported on June 23, 2011.
According to WordPress, the affected plug-ins are W3 Total Cache, WPtouch, and AddThis. Users who have updated any of them during the past 48 hours are advised to uninstall it and then upgrade to the latest version hosted on WordPress.org.
Significantly, plug-ins, whether malicious or not, are responsible for a growing number of security flaws in software running on computers and in Web applications like WordPress. In the case of WordPress, plug-ins currently account for 80% of all security flaws in the application, states HP DVLabs, as InformationWeek reported on June 22, 2011.
Moreover, users are warned that, as always, they must not use the same password for many accounts or websites: although it may be more convenient, it is not at all a secure way to safeguard one's online identity.
Specifically, Mullenweg explained that when using 2 separate services, one must never use an identical password for both, and that when resetting a password, care should be taken not to reuse one of the user's old passwords, The Inquirer reported on June 22, 2011.
» SPAMfighter News - 02-07-2011