top of page
Stay Connected and Informed
Subscribe to Our Mailing List for Access to More Blogs and Resources!

Thanks for subscribing!

  • Abi

Themes and plugins for WordPress backdoored as part of supply chain attack

Updated: Sep 18, 2023

If you operate a WordPress website, you need to be aware of a significant supply chain attack that's affecting numerous themes and plugins.

Overview of the Attack

  • Discovery: The attack was first uncovered by JetPack.

  • Scale of Compromise: A total of 93 add-ons have been compromised: 40 themes and 53 plugins developed by AccessPress.

  • Nature of Threat: Malware embedded within the affected plugins and themes acts as a backdoor, granting attackers full control over compromised WordPress sites.

  • Details of Malware: Researchers at Jetpack stumbled upon this flaw when they identified a malicious PHP backdoor within these themes and plugins.

  • Where to Find Affected Plugins/Themes: A comprehensive list of all affected themes and plugins is available in JetPack's official blog posts.

Immediate Actions to Take

  1. Update Affected Items: If you are using any of the compromised plugins or themes, update them immediately, as specified in JetPack's post.

  2. Reinstall WordPress: Even after updating, it's essential to install a fresh copy of WordPress to reverse the core file changes made during the malware's insertion.

  3. Use JetPack's Security Scanner: If you're uncertain about your site's status, employ JetPack's security scanner for clarity.

  4. Seek Expert Help: Reach out to us for specialized assistance with our maintenance service. Please note: existing customers are already safeguarded and need not take additional steps.

This serves as a further reminder of the importance of keeping your WordPress site up to date and using only reputable plugins and themes. Keep an eye on security headlines to remain on top of any potential dangers.


As more information becomes available, we’ll continue to watch the situation and update our blog. Affected Theme List Affected Plugin List

Comments

Rated 0 out of 5 stars.
No ratings yet

Add a rating
bottom of page