According to a blog post on WordPress, it has been confirmed that there was indeed, an attempt to tamper with the data present on the site. The blog further revealed that the miscreants had very discreetly uploaded three ‘plug-ins’ , i.e. software written by a third party for use within the blog site, namely AddThis, WPTouch and W3 Total Cache, on the site with backdoors, equally well placed.
The Word is out..
As soon as the team realized that the uploads weren’t authorized, they rolled the plug-ins back, and eventually shut down all access to the plug-ins. Even as the investigations are on, WordPress has, on its blog, urged that all its users reset their passwords on WordPress.org with immediate effect. The same would also apply to the users of bbPress.org and BuddyPress.org, the post further stated. As a precautionary measure, WordPress also mentioned in its post that users shouldn’t use the same passwords for two different services, and not reset their password to their previous one.
Also, users of AddThis, WPTouch and W3 Total Cache were asked to visit their previous day updated pages again, and upgrade those to the latest version.