Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Shells Virtual Desktop
BMail.ag - Secure Email Service
Server.net
CPLicense.net
VPS Server
Buy VPN
Vultr
VMs for AI
HostDare
ReliableSite White-Label Dedicated Hosting for Resellers
InterServer VPS
BMail.ag - Secure Email Service
Best VPN
High-Performance Bare Metal Server Solutions
Karvl.com
Server Mania Cloud Hosting
DataWagon Hosting
AlphaVPS Hosting
Evoxt.com
Clouvider
VPS Hosting with NVMe
Residential IPs in the US & 4G Mobile Proxies in EU & US with Unlimited Bandwidth
ReliableSite White-Label Dedicated Hosting for Resellers
Rabisu - Hosting Solutions
Shells Virtual Desktop

Categories

In this Discussion

Home News
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Malicious backdoors affect thousands of WordPress websites

Tony40Tony40 Member
in News

Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites

Dozens of plug-ins for the widely used open source web blogging software WordPress are now offline after a backdoor was discovered in them, used to push malicious code to any website that relied on the plug-ins. The backdoor was discovered after a new corporate owner bought these plug-ins.

Anchor Hosting founder Austin Ginder sounded the alarm in a blog post last week describing a supply chain attack on a WordPress plug-in maker called Essential Plugin. Ginder said someone last year bought Essential Plugin and the backdoor was soon added to the plug-ins’ source code. The backdoor sat dormant until earlier this month when it activated and began distributing malicious code to any website with the plug-ins installed. ....

https://techcrunch.com/2026/04/14/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites/

Thanked by 1Ympker

Comments

  • Carlin0Carlin0 Member

    Nothing new
    WordPress is a backdoor :)

    Thanked by 7nghialele sayem314 rpqu tux forest WebProject stable_genius
  • ransomshellransomshell Member

    And water is wet.

    Thanked by 2nghialele sayem314
  • zejjntzejjnt Member

    lol fork found in kitchen

    Thanked by 5nghialele sayem314 tux lukgth forest
  • zedzed Member

    Good news, you can just switch to CF's vibe-coded WordPress replacement.

    Thanked by 3zejjnt Heron NushairAlvi
  • hades_corpshades_corps Member
    edited April 15

    Legitimate question: what's the alternative?
    Sure I can use insert_name_here but that's also means writing a bunch plug-ins to support shipping services, banks, weird local addresses. Plus, keeping them updated. Or I can use WP and spend time to beef up security instead. Neither option is cheap for a small company!

    No, local 3rd party services don't play nice with eachother so I would have to pay for multiple services and have data fragmented any how!?

  • LeviLevi Member

    No alternatives. Clean malware and continue like nothing happened.

    Thanked by 2buggedout stable_genius
  • jsgjsg Member, Resident Benchmarker

    FYI, here's the list of the evil plugins (from the original site):

    • Accordion and Accordion Slider — accordion-and-accordion-slider
    • Album and Image Gallery Plus Lightbox — album-and-image-gallery-plus-lightbox
    • Audio Player with Playlist Ultimate — audio-player-with-playlist-ultimate
    • Blog Designer for Post and Widget — blog-designer-for-post-and-widget
    • Countdown Timer Ultimate — countdown-timer-ultimate
    • Featured Post Creative — featured-post-creative
    • Footer Mega Grid Columns — footer-mega-grid-columns
    • Hero Banner Ultimate — hero-banner-ultimate
    • HTML5 VideoGallery Plus Player — html5-videogallery-plus-player
    • Meta Slider and Carousel with Lightbox — meta-slider-and-carousel-with-lightbox
    • Popup Anything on Click — popup-anything-on-click
    • Portfolio and Projects — portfolio-and-projects
    • Post Category Image with Grid and Slider — post-category-image-with-grid-and-slider
    • Post Grid and Filter Ultimate — post-grid-and-filter-ultimate
    • Preloader for Website — preloader-for-website
    • Product Categories Designs for WooCommerce — product-categories-designs-for-woocommerce
    • Responsive WP FAQ with Category — sp-faq
    • SlidersPack – All in One Image Sliders — sliderspack-all-in-one-image-sliders
    • SP News And Widget — sp-news-and-widget
    • Styles for WP PageNavi – Addon — styles-for-wp-pagenavi-addon
    • Ticker Ultimate — ticker-ultimate
    • Timeline and History Slider — timeline-and-history-slider
    • Woo Product Slider and Carousel with Category — woo-product-slider-and-carousel-with-category
    • WP Blog and Widgets — wp-blog-and-widgets
    • WP Featured Content and Slider — wp-featured-content-and-slider
    • WP Logo Showcase Responsive Slider and Carousel — wp-logo-showcase-responsive-slider-slider
    • WP Responsive Recent Post Slider — wp-responsive-recent-post-slider
    • WP Slick Slider and Image Carousel — wp-slick-slider-and-image-carousel
    • WP Team Showcase and Slider — wp-team-showcase-and-slider
    • WP Testimonial with Widget — wp-testimonial-with-widget
    • WP Trending Post Slider and Widget — wp-trending-post-slider-and-widget

    Hth.

    Thanked by 6Tony40 Heron forest zejjnt Frameworks DataRecovery
  • buggedoutbuggedout Member

    @Levi said:
    No alternatives. Clean malware and continue like nothing happened.

    Yes but I saw a wordpress fork named classicpress, they have removed many legacy componenets but have kept some too !! I guess maybe its an alternative people can look into.

  • AudioDogeAudioDoge Member

    The pope is catholic

    Thanked by 1zejjnt
  • LeviLevi Member

    @buggedout said:

    @Levi said:
    No alternatives. Clean malware and continue like nothing happened.

    Yes but I saw a wordpress fork named classicpress, they have removed many legacy componenets but have kept some too !! I guess maybe its an alternative people can look into.

    People can, but business - not. These malware incidents keeps giving some gigs for people, something bright in gloomy day.

    Thanked by 1buggedout
  • SaragoldfarbSaragoldfarb Member, Megathread Squad

    Try to penetrate my backdoor and see what happens....

    Thanked by 1zejjnt
  • defaultdefault Veteran

    @Saragoldfarb said:
    Try to penetrate my backdoor and see what happens....

    I would not even think of trying. I would rather ask nicely and wait to be invited through the front door. Civilisation and good manners are built on mutual respect. A website is much more beautiful when one checks, reads and understands the actual content and its author, instead of bypassing everything looking for backdoors like some abuser with a (caveman club) artificial intelligence in his hands.

    Thanked by 1Saragoldfarb
  • TimboJonesTimboJones Member

    @Saragoldfarb said:
    Try to penetrate my backdoor and see what happens....

    Good time all around? :p

    Thanked by 2Saragoldfarb forest
  • SaragoldfarbSaragoldfarb Member, Megathread Squad

    @default said:

    @Saragoldfarb said:
    Try to penetrate my backdoor and see what happens....

    I would not even think of trying. I would rather ask nicely and wait to be invited through the front door. Civilisation and good manners are built on mutual respect. A website is much more beautiful when one checks, reads and understands the actual content and its author, instead of bypassing everything looking for backdoors like some abuser with a (caveman club) artificial intelligence in his hands.

    @TimboJones said:

    @Saragoldfarb said:
    Try to penetrate my backdoor and see what happens....

    Good time all around? :p

  • NushairAlviNushairAlvi 🚩 Host Rep Tag Suspended

    Vibe coded wordpress from another world !

  • FubukiboxFubukibox Member

    @zed said:
    Good news, you can just switch to CF's vibe-coded WordPress replacement.

    Just tried "deploying" it. Requires me to spend $5/mo lol

  • zedzed Member

    @Fubukibox said:

    @zed said:
    Good news, you can just switch to CF's vibe-coded WordPress replacement.

    Just tried "deploying" it. Requires me to spend $5/mo lol

    lol don't https://news.ycombinator.com/item?id=47602832

Sign In or Register to comment.