Updated: Sep 18
If you operate a WordPress website, you need to be aware of a significant supply chain attack that's affecting numerous themes and plugins.
Overview of the Attack
Discovery: The attack was first uncovered by JetPack.
Scale of Compromise: A total of 93 add-ons have been compromised: 40 themes and 53 plugins developed by AccessPress.
Nature of Threat: Malware embedded within the affected plugins and themes acts as a backdoor, granting attackers full control over compromised WordPress sites.
Details of Malware: Researchers at Jetpack stumbled upon this flaw when they identified a malicious PHP backdoor within these themes and plugins.
Where to Find Affected Plugins/Themes: A comprehensive list of all affected themes and plugins is available in JetPack's official blog posts.
Immediate Actions to Take
Update Affected Items: If you are using any of the compromised plugins or themes, update them immediately, as specified in JetPack's post.
Reinstall WordPress: Even after updating, it's essential to install a fresh copy of WordPress to reverse the core file changes made during the malware's insertion.
Use JetPack's Security Scanner: If you're uncertain about your site's status, employ JetPack's security scanner for clarity.
Seek Expert Help: Reach out to us for specialized assistance with our maintenance service. Please note: existing customers are already safeguarded and need not take additional steps.
This serves as a further reminder of the importance of keeping your WordPress site up to date and using only reputable plugins and themes. Keep an eye on security headlines to remain on top of any potential dangers.