Users of various WordPress plugins including but not limited to WPtouch, W3Total Cache, and AddThis should send a special thanks Automattic’s way tonight — they just saved your ass. The popular WordPress blogging platform company (which Gadgetsteria is also run off of) had a minor security scare earlier this afternoon. The plugins (and many more) listed above had several “suspiscious” comments posted that turned out to be backdoors allowing hackers into the system. Automattic went ahead and removed the comments in question, issued updates to the plugins in question, and reset all WordPress.org, bbPress.org and BuddyPress.org passwords. Users will be prompted to reset their password when logging into the plugins repo, WordPress forums, or WordPress.com accounts for the first time since the incident. Clearly Automattic is on top of it.
To be clear: WordPress itself was not hacked and no user information was compromised. With that said, customers with self-hosted WordPress.org sites were unaffected.
Still confused/curious? Automattic has posted a handy little document/FAQ right over here.