Backdoor discovered in WordPress plugins after essential plugin suite change
A sneaky backdoor was found in dozens of popular WordPress plugins after the Essential Plugin suite changed owners.
The new owner quietly slipped in malicious code, which only started causing trouble earlier this month.
Austin Ginder from Anchor Hosting broke down what happened, sharing that the affected plugins were pulled from WordPress's directory.
Experts urge WordPress owners to check
With over 400,000 total installs and more than 20,000 active sites using these plugins, a lot of websites were put at risk just because of a change in plugin ownership.
This is actually the second similar incident in as many weeks.
Security experts are reminding everyone to double-check for any weird or unknown plugins on their sites.
As Ginder put it, WordPress owners should check whether they still have one of the malicious plug-ins installed and remove it.