Backdoors Planted in WordPress Plugins After Corporate Takeover Expose Thousands of Sites
6 articles · Updated · techbuzz.ai · Apr 15
Dozens of WordPress plugins were found to contain backdoors after being sold to a new corporate owner, compromising thousands of websites.
Malicious updates were pushed through official channels, with backdoors remaining dormant for months before enabling unauthorized access and code execution.
The incident exposes critical gaps in plugin ownership transparency and highlights the growing risks of supply chain attacks in the open-source ecosystem.
Beyond deactivation, what's WordPress.org's long-term plan for plugin integrity?
Are free plugins worth the risk when hidden backdoors devastate search rankings?
Why did WordPress.org's new scans miss a dormant backdoor for eight months?
With rapid exploitation, how can site owners protect themselves when updates become attack vectors?
How does WordPress combat sophisticated attacks using untraceable blockchain C2?
31 Malicious WordPress Plugins Removed After April 2026 Backdoor Attack Hits Over 20,000 Websites
Overview
In May 2025, a popular WordPress plugin was sold to a new owner without any notification to the community, exploiting a critical gap in WordPress's oversight. By August, the new owner pushed updates containing a hidden backdoor that remained dormant until April 2026, when it activated and gave attackers unauthorized access to thousands of websites. The attackers rewrote key files and injected cloaked spam content visible only to search engines, causing severe SEO damage and risking data exposure, especially for WooCommerce stores. After discovery by a security researcher, WordPress.org removed the compromised plugins and forcibly deactivated them, breaking many sites but stopping the attack. This incident exposed the dangers of blind trust in plugin updates and inadequate review processes, highlighting the urgent need for transparency and stronger safeguards in the plugin ecosystem.