WordPress Takes A Bite Out Of Plugin Attacks – Search Engine Journal

WordPress took significant steps to combat supply chain attacks by pausing plugin updates and resetting passwords
WordPress announced over the weekend that it was pausing plugin updates and force-resetting plugin author passwords to prevent further website compromises from the ongoing supply-chain attack on WordPress plugins.
Attackers have been going after plugins at the source: they take credentials exposed in earlier data breaches (unrelated to WordPress itself) and try them against WordPress.org, looking for plugin authors who reuse the same password across multiple websites. This is classic credential stuffing, and it works whenever a plugin author's WordPress.org password also appeared in some other site's breach.
Some plugins have already been compromised this way. The WordPress community has rallied to clamp down on further plugin compromises by instituting a forced password reset and urging plugin authors to enable two-factor authentication.
WordPress also temporarily blocked all new plugin releases at the source unless they were approved by the team, to make sure no plugin was being updated with a malicious backdoor. By Monday, WordPress had updated its post to confirm that plugin releases were no longer paused.
The WordPress announcement on the forced password reset:
“We have begun to force reset passwords for all plugin authors, as well as other users whose information was found by security researchers in data breaches. This will affect some users’ ability to interact with WordPress.org or perform commits until their password is reset.
You will receive an email from the Plugin Directory when it is time for you to reset your password. There is no need to take action before you’re notified.”
A discussion in the comments section between a WordPress community member and the author of the announcement revealed why WordPress did not directly contact plugin authors identified as using “recycled” passwords: some users who appeared in the breach lists turned out to have safe credentials (false positives), while some accounts assumed to be safe turned out to be compromised (false negatives). Matching accounts against a breach list by email alone cannot distinguish the two cases. That is what led to the current action of forcing password resets for all plugin authors.
Francisco Torres of WordPress answered:
“You’re right that specifically reaching out to those individuals mentioning that their data has been found in data breaches will make them even more sensitive, but unfortunately as I’ve already mentioned that might be inaccurate for some users and there will be others that are missing. What we’ve done since the beginning of this issue is to individually notify those users that we’re certain have been compromised.”
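The false-positive and false-negative problem described above comes down to what a registry can actually verify from a breach dump. The following is an added example, not WordPress.org's code or process: a hypothetical registry that stores salted PBKDF2 password hashes triages a constructed breach dump of (email, leaked password) pairs. An email match alone is only a candidate; the leaked password is checked against the stored hash to confirm reuse. It also shows the gap an email-keyed match leaves: an author who reused a password that leaked under a different email is missed, which a password-corpus check at reset time catches. All accounts, emails and passwords are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed registry storing a per-user random salt and a PBKDF2-HMAC-SHA256
# hash of each password (hypothetical; not the WordPress.org scheme).
PBKDF2_ITERATIONS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def make_account(email: str, password: str) -> dict:
    salt = os.urandom(16)
    return {"email": email, "salt": salt, "hash": hash_password(password, salt)}


def verify_password(account: dict, candidate: str) -> bool:
    # Constant-time comparison so the check itself is not a timing oracle.
    return hmac.compare_digest(account["hash"], hash_password(candidate, account["salt"]))


# Constructed registry of three plugin authors (example data only).
REGISTRY = {a["email"]: a for a in [
    make_account("alice@example.com", "correct horse battery staple"),  # reused elsewhere
    make_account("bob@example.com", "unique-registry-only-pw-7741"),    # unique to registry
    make_account("carol@example.com", "Tr0ub4dor&3"),                   # reused, other email
]}

# Constructed third-party breach dump: (email, leaked cleartext password).
BREACH_DUMP = [
    ("alice@example.com", "correct horse battery staple"),  # same password: confirmed reuse
    ("bob@example.com", "bobs-old-forum-password"),         # different password: false positive
    ("dave@example.com", "Tr0ub4dor&3"),                    # carol's password under another email
]


def triage_breach(registry: dict, dump: list) -> tuple:
    """Email-keyed triage: return (confirmed_reuse, email_only_matches).

    Only entries whose leaked password verifies against the stored hash are
    confirmed; the rest are email matches that would be false positives if
    treated as compromised.
    """
    confirmed, email_only = [], []
    for email, leaked_pw in dump:
        account = registry.get(email)
        if account is None:
            continue
        if verify_password(account, leaked_pw):
            confirmed.append(email)
        else:
            email_only.append(email)
    return confirmed, email_only


def breached_password_digests(dump: list) -> set:
    # SHA-1 of leaked passwords, the form breach-password corpora are usually
    # distributed in; the email is deliberately ignored here.
    return {hashlib.sha1(pw.encode()).hexdigest() for _, pw in dump}


def password_in_breach_corpus(candidate: str, dump: list) -> bool:
    """Password-level check usable at login or reset time, when the cleartext
    candidate is available. Catches reuse the email-keyed triage misses."""
    return hashlib.sha1(candidate.encode()).hexdigest() in breached_password_digests(dump)


if __name__ == "__main__":
    confirmed, email_only = triage_breach(REGISTRY, BREACH_DUMP)
    print("confirmed reuse:", confirmed)        # alice only
    print("email match only:", email_only)      # bob: would be a false positive
    # carol is a false negative for email-keyed triage but is caught at reset time:
    print("carol's password in corpus:", password_in_breach_corpus("Tr0ub4dor&3", BREACH_DUMP))
```

The email-keyed triage needs the leaked cleartext (or a crackable hash) to confirm anything; when a dump carries only emails, every match is a candidate and none can be confirmed, which is the situation in which a blanket forced reset plus a password-corpus check on the new password is the safer option.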
Read the official WordPress announcement:
Password Reset Required for Plugin Authors
Featured Image by Shutterstock/Aleutie
Copyright © 2024 Search Engine Journal. All rights reserved. Published by Alpha Brand Media.