Wednesday, June 22, 2011

WordPress Forces Password Resets As A Precautionary Move

WordPress posted on it's blog that they:

Earlier today the WordPress team noticed suspicious commits to several popular plugins (AddThis, WPtouch, and W3 Total Cache) containing cleverly disguised backdoors. We determined the commits were not from the authors, rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavory.

Matt Mullenweg, founder of WordPress, chimed in that:

"There are 15 K plugins so happens sometimes. We haven't pissed off LulzSec yet. :)"

At least WordPress seems to have taken a rather draconian approach to stall and fend off hackers from their large user base, and also avoid the Sony Effect by pissing off hackers. Let's hope more companies take pre-emptive strikes like these and nip hacks in the bud. Let's hope they take stronger measures in the near future by adopting dynamic passwords and challenge-response based logins.

No comments:

Post a Comment