Dozens of WordPress Plug-ins Taken Offline After Backdoor Discovery
Dozens of WordPress plug-ins were removed from the directory after a backdoor was found in their source code. The backdoor, added following a corporate purchase last year, activated earlier this month and distributed malicious code to affected websites. Essential Plugin, with over 400,000 installs, is among the impacted products.
Dozens of WordPress plug-ins were taken offline after a backdoor was discovered in them. The plug-ins have been removed from the WordPress directory and now list their closure as permanent. The backdoor was discovered after a new corporate owner bought the plug-ins.
Anchor Hosting founder Austin Ginder published a blog post last week describing a supply chain attack on Essential Plugin. Someone bought Essential Plugin last year. The backdoor was added to the plug-ins' source code soon after the purchase of Essential Plugin.
Backdoor Activation and Malicious Distribution
The backdoor sat dormant until earlier this month, when it activated and began distributing malicious code to websites with the plug-ins installed. Essential Plugin has over 400,000 plug-in installs and more than 15,000 customers. The affected plug-ins are in over 20,000 active WordPress installations.
This is the second hijack of a WordPress plug-in discovered in as many weeks, according to Ginder. Representatives for Essential Plugin did not respond to a request for comment.
Context of the Supply Chain Attack
Ginder's blog post detailed the timeline of the attack on Essential Plugin.
The purchase occurred last year, followed by the addition of the backdoor. The dormant period ended with activation earlier this month, leading to the distribution of malicious code. TechCrunch reported on the discovery and the subsequent offline status of the plug-ins.
The corporate owner acquired the products, after which the backdoor was embedded in the source code. This event marks the second such incident in recent weeks.
Story Timeline
- Earlier this month: Backdoor activated and began distributing malicious code to websites. (Source: Austin Ginder)
- Last week: Austin Ginder published blog post describing supply chain attack on Essential Plugin. (Source: Austin Ginder)
- Last year: Someone bought Essential Plugin. (Source: Austin Ginder)
- Soon after purchase last year: Backdoor added to plug-ins' source code. (Source: Austin Ginder)
Potential Impact
- Websites with affected plug-ins receive malicious code, potentially compromising security.
- Over 20,000 active installations impacted by plug-in removal.
- 15,000 customers of Essential Plugin face disruption from permanent closure.
- Increased scrutiny on WordPress plug-in acquisitions following second incident.