Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites

April 14, 2026 | Published by AI News Pro

Dozens of plug-ins for the widely used open source web blogging software WordPress are now offline after a backdoor was discovered in them, used to push malicious code to any website that relied on the plug-ins. The backdoor was discovered after a updated corporate owner bought these plug-ins.

Anchor Hosting founder Austin Ginder sounded the alarm in a blog post last week describing a supply chain attack on a WordPress plug-in maker called Essential Plugin. Ginder remarked someone last year bought Essential Plugin and the backdoor was soon added to the plug-ins’ source code. The backdoor sat dormant until earlier this month when it activated and began distributing malicious code to any website with the plug-ins installed.

Essential Plugin says on its website that it has over 400,000 plug-in installs and more than 15,000 customers. WordPress’ plug-in install page says the affected plug-ins are in over 20,000 active WordPress installations.

Plug-ins allow owners of WordPress-based websites to extend the site’s functionality, but in doing so grant the plug-ins access to their installations, which can open these websites to malicious extensions and potential compromise. But Ginder warned that WordPress users are not notified of any plug-ins’ change in ownership, exposing users to potential takeover attacks by their updated owners.

this is the second hijack of a WordPress plug, according to Ginder-in discovered in as many weeks. Security researchers have long warned of the risks of malicious actors buying software and changing its code To compromise Many computers around the international community.

While the plug-ins have been removed from WordPress’ directory and now list their closure as “permanent,” Ginder warned that WordPress owners should check if they still have one of the malicious plug-ins installed and remove it. Ginder has a list of the affected plug-ins in the blog post. Furthermore, experts in user interface note the continued relevance.

Representatives for Essential Plugin did not respond to a request for comment.

Topics This also touches on aspects of Android.

AI Disclosure: This article has been generated and curated using advanced AI technology. While we strive for absolute accuracy, some details may be summarized or translated by autonomous systems. Please cross-reference critical financial data with official sources.

More from this Category