ALERT Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them.

[KNERD]

Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them.

Last week, I wrote about catching a supply chain attack on a WordPress plugin called Widget Logic. A trusted name, acquired by a new owner, turned into

anchor.host

Seems CloudFlare is trying to get people to use this instead of WordPress

Introducing EmDash — the spiritual successor to WordPress that solves plugin security

Today we are launching the beta of EmDash, a full-stack serverless JavaScript CMS built on Astro 6.0. It combines the features of a traditional CMS with modern security, running plugins in sandboxed Worker isolates.

blog.cloudflare.com

 

[wardmundy]

If you install WordFence on WordPress, all the headaches go away. They've got dozens of whiz kids that keep WordPress safe... no small feat these days.

 

[KNERD]

In this case, I am not sure WordFence would have helped since the malicious code was inserted at the sources of approved plugins.

 

[mbellot]

I read the link but I'm not clear on the overall impact.

Does this just affect the "owner" of the WP site, jut visitors to the site, or both?

 

[wardmundy]

In this case, I am not sure WordFence would have helped since the malicious code was inserted at the sources of approved plugins.

If the malware is in the WordFence database, it gets blocked whether the end-user has downloaded the plugin or not. Also WordPress more than likely has already blacklisted these apps so a user would have to download the plugin directly from the now-compromised web site.

 

[KNERD]

I read the link but I'm not clear on the overall impact.

Does this just affect the "owner" of the WP site, jut visitors to the site, or both?

It affected the web sites themselves, but would have shown the visitors some various spam according to the article.