Check Your WordPress Site Now: Compromised Plugins Could Leave You Exposed

Website security is once again in the spotlight following reports that a number of popular WordPress plugins were deliberately compromised and distributed with malicious code.

In this incident, attackers reportedly acquired ownership of multiple plugins and pushed out updates containing hidden backdoors. These backdoors could allow unauthorised access, data extraction, or further exploitation of affected websites.

While not every site will have been impacted, the risk is significant—particularly for businesses relying on WordPress to manage their online presence.

What Happened?

Security researchers identified that dozens of plugins were updated with suspicious code after changing ownership. Because these updates appeared legitimate, many site administrators may have installed them without realising the risk.

Once activated, the malicious code could allow attackers to:

  • Gain administrative access to your website
  • Inject further malware or spam content
  • Access sensitive data or customer information
  • Use your site as part of wider cyberattacks

Why This Matters

WordPress powers a large proportion of business websites, making it a frequent target for attacks. Plugins, while incredibly useful, can introduce vulnerabilities, especially when they are not regularly reviewed or maintained.

Even trusted plugins can become a risk if ownership changes hands or security practices slip.

Affected Plugins

  • Accordion and Accordion Slider
  • Album and Image Gallery Plus Lightbox
  • Audio Player with Playlist Ultimate
  • Blog Designer for Post and Widget
  • Countdown Timer Ultimate
  • Featured Post Creative
  • Footer Mega Grid Columns
  • Hero Banner Ultimate
  • HTML5 VideoGallery Plus Player
  • Meta Slider and Carousel with Lightbox
  • Popup Anything on Click
  • Portfolio and Projects
  • Post Category Image with Grid and Slider
  • Post Grid and Filter Ultimate
  • Preloader for Website
  • Product Categories Designs for WooCommerce
  • Responsive WP FAQ with Category
  • SlidersPack – All in One Image Sliders
  • SP News And Widget
  • Styles for WP PageNavi – Addon
  • Ticker Ultimate
  • Timeline and History Slider
  • Woo Product Slider and Carousel with Category
  • WP Blog and Widgets
  • WP Featured Content and Slider
  • WP Logo Showcase Responsive Slider and Carousel
  • WP Responsive Recent Post Slider
  • WP Slick Slider and Image Carousel
  • WP Team Showcase and Slider
  • WP Testimonial with Widget
  • WP Trending Post Slider and Widget

Immediate Actions to Take

We strongly recommend carrying out the following checks as soon as possible:

  • Review all installed plugins on your website, including inactive ones
  • Identify any plugins that you do not recognise or no longer use
  • Cross-check your plugins against known vulnerabilities (such as those reported by Wordfence)
  • Update all plugins, themes, and WordPress core to the latest versions
  • Remove any plugins that are outdated, unsupported, or unnecessary
  • Ensure regular backups are in place

If you identify any of the affected plugins, update them immediately if a secure version is available, or remove them entirely.

Prevention Going Forward

To reduce future risk:

  • Only install plugins from reputable developers with strong update histories
  • Regularly audit your website for unused or redundant plugins
  • Implement security monitoring and firewall protection
  • Restrict administrative access and use strong authentication

Need Support?

If you are unsure whether your website may be affected, or would like help reviewing your WordPress security, matm can assist. Our team can carry out a full audit and ensure your site remains secure, up to date, and protected against emerging threats.