In the wake of the last blog post here about picking the right blogging platform, I figured I should mention something about this. Yesterday morning, June 21st, WordPress released a statement saying that several popular plugins had been compromised. These compromised plugins include AddThis, WPtouch, and W3 Total Cache.
By the time WordPress released this statement, it sounded like they already had most everything under control. But after all of the recent media attention for security breaches, it would be stupid for a company not to be taking control of these sorts of things. In their post, they wrote:
“We’re still investigating what happened, but as a prophylactic measure we’ve decided to force-reset all passwords on WordPress.org. To use the forums, trac, or commit to a plugin or theme, you’ll need to reset your password to a new one.”
Even if you weren’t using these specific plugins, it would probably still be a good idea to change your password, along with the password on any other account that used the same one. This may also be a good time to start using a password management program. In cases like this, it doesn’t matter how strong your password is; it is going to be compromised. A password manager makes it easy to use a different password for every account and very easy to change one to another very strong password.
Were you affected by this breach? Are you going to be doing anything differently in the future? Let us know in the comments.