Attempted hacker attack on WordPress plugins: analysis of the situation and recommendations for protection

Publication date: 12.11.2025
Blog category: SEO and Promotion

Recently, WordPress plugins have come under attack from hackers who use stolen credentials (from other data leaks) to gain direct access to the plugin code. These attacks are of particular concern because the compromise reaches users as what looks like a normal plugin update.

"A software supply chain attack occurs when a cybercriminal infiltrates a software vendor's network and uses malicious code to compromise the software before the vendor ships it to its customers. The compromised software then compromises the customer's data or system. Newly purchased software may be compromised from the outset, or the compromise may occur through other means, such as a patch or hotfix." - US Cybersecurity and Infrastructure Security Agency (CISA)

In this particular case of the WordPress plugin attack, the attackers use stolen credentials to access developer accounts that have direct access to the plugin code. They then add malicious code to the plugins, and that code creates admin accounts on all websites that use the compromised WordPress plugins.

  • 📌 Wordfence today announced that additional compromised WordPress plugins have been identified.
  • 📌 It's important to understand what's going on and be proactive about protecting the sites under your control.
  • 📌 Wordfence released a report that more plugins were compromised, including a very popular podcasting plugin called PowerPress Podcasting plugin by Blubrry.
Plugins that were attacked include: WP Server Health Stats, Ad Invalid Click Protector (AICP), PowerPress Podcasting plugin by Blubrry, Seo Optimized Images, Pods – Custom Content Types and Fields, Twenty20 Image Before-After.
It is recommended that you check your database to ensure that no fake admin accounts have been added to your WordPress website. The plugins that were attacked create admin accounts with the usernames "Options" or "PluginAuth", so these are the usernames to watch out for.
Some plugins have been updated to fix the problem, but not all. Whether or not a compromised plugin has been patched to remove the malicious code and the developer password has been updated, site owners should check their database to ensure that no fake admin accounts have been added to the WordPress website.
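One way to run the database check described above, as an added example that is not taken from the Wordfence report or from any plugin's code. It assumes a single-site install on MySQL/MariaDB with the default `wp_` table prefix, so the capabilities are stored under the meta key `wp_capabilities`; adjust both if your prefix differs.

```sql
-- Added example: list every account that either carries one of the two
-- usernames named in the article or holds the administrator role.
-- Assumption: default "wp_" prefix (tables wp_users / wp_usermeta and
-- meta key wp_capabilities). Replace "wp_" in all three places if your
-- install uses another prefix.
SELECT
    u.ID,
    u.user_login,
    u.user_email,
    u.user_registered,
    m.meta_value AS capabilities,
    -- 1 when the login matches a username reported for this campaign
    LOWER(u.user_login) IN ('options', 'pluginauth') AS reported_name
FROM wp_users AS u
-- LEFT JOIN so a reported username is still listed even when its
-- capabilities row is missing or has been altered
LEFT JOIN wp_usermeta AS m
       ON m.user_id = u.ID
      AND m.meta_key = 'wp_capabilities'
WHERE LOWER(u.user_login) IN ('options', 'pluginauth')
   -- roles are stored as a serialized PHP array,
   -- e.g. a:1:{s:13:"administrator";b:1;}
   OR m.meta_value LIKE '%"administrator"%'
ORDER BY reported_name DESC,      -- reported usernames first
         u.user_registered DESC;  -- then newest accounts first
```

Rows with `reported_name = 1` match the usernames from the report. Every other row is an administrator whose registration date and e-mail address should be confirmed as expected.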
🧩 Conclusion: The importance of website security cannot be overstated, especially in the context of the constant threat of cyber attacks. Businesses and web developers need to regularly update their plugins, use robust security systems, and check their sites for unfamiliar admin accounts.
🧠 Own Considerations: As cybercriminals are constantly improving their attack methods, it is important for web developers and site owners to stay up-to-date on the latest trends in cyber security. Researching and understanding modern attack techniques like this one involving WordPress plugins is key to ensuring your web assets are protected.