The same day we published our A to Z Guide to WordPress plugins, the team over at WordPress was suffering from some rather serious security issues.
WordPress noticed “suspicious commits” to popular plugins including AddThis, WPtouch, and W3 Total Cahce which contained “cleverly disguised” backdoors. Noticing that the commits were not from the plugin authors, Wordpress rolled them back (to a previous version), pushed updates to the plugins and has shut down access to the plugin repository.
Wordpress is currently investigating the matter but has decided to force users to reset their passwords on WordPress.org. If you’re a user of the forums, trac or commit to a plugin or theme, now would be a good time to reset your password on the service.