Themes and plugins for WordPress backdoored as part of supply chain attack
If you’re using a WordPress site, it’s time to check and see if your themes and plugins are part of a massive supply chain attack that has compromised 93 add-ons. The attack, which was first discovered by JetPack, affects 40 themes and 53 plugins developed by AccessPress.
The malware contained in the plugins and themes gives threat actors a backdoor into WordPress sites, providing them with full access to the websites. Researchers at Jetpack, the makers of a security and optimization tool for WordPress sites, discovered the flaw when they discovered that a PHP backdoor had been added to the themes and plugins. You can find list of affected themes and plugins in the JetPack blog posts.
If you use any of the affected plugins or themes, it is critical that you update them as soon as possible, as detailed in the post above. This does not completely resolve the issue, and you should also reinstall a fresh copy of WordPress to undo the core file modifications made during the backdoor’s installation.
If you’re not sure whether your site is affected, you can use JetPack security scanner to check. You can also contact us for assistance for our maintenance service; this does not apply to existing customers because you are already covered.
This serves as a further reminder of the importance of keeping your WordPress site up to date and using only reputable plugins and themes. Keep an eye on security headlines to remain on top of any potential dangers.