<![CDATA[This discussion atop Hackernews right now about how someone bought 30 WordPress plugins and planted a backdoor in all of them has me wondering, is there a plugin that blocks plugins from being automagically updated if the plugin's ownership changes?]]>This discussion atop Hackernews right now about how someone bought 30 WordPress plugins and planted a backdoor in all of them has me wondering, is there a plugin that blocks plugins from being automagically updated if the plugin's ownership changes?

Link Preview Image
Someone bought 30 WordPress plugins and planted a backdoor in all of them | Hacker News

favicon

(news.ycombinator.com)

]]>https://board.circlewithadot.net/topic/da0815c1-1f03-4ac5-bcc1-0e5b3ca2c6a1/this-discussion-atop-hackernews-right-now-about-how-someone-bought-30-wordpress-plugins-and-planted-a-backdoor-in-all-of-them-has-me-wondering-is-there-a-plugin-that-blocks-plugins-from-being-automagically-updated-if-the-plugin-s-ownership-changesRSS for NodeWed, 15 Apr 2026 08:31:20 GMTTue, 14 Apr 2026 12:44:08 GMT60<![CDATA[Reply to This discussion atop Hackernews right now about how someone bought 30 WordPress plugins and planted a backdoor in all of them has me wondering, is there a plugin that blocks plugins from being automagically updated if the plugin's ownership changes? on Tue, 14 Apr 2026 13:11:03 GMT]]>@briankrebs So How many plugins could a hacker backdoor, if a plugin could block backdoored plugins?

]]>https://board.circlewithadot.net/post/https://mastodon.social/users/kidko92/statuses/116403225458936940https://board.circlewithadot.net/post/https://mastodon.social/users/kidko92/statuses/116403225458936940Tue, 14 Apr 2026 13:11:03 GMT<![CDATA[Reply to This discussion atop Hackernews right now about how someone bought 30 WordPress plugins and planted a backdoor in all of them has me wondering, is there a plugin that blocks plugins from being automagically updated if the plugin's ownership changes? on Tue, 14 Apr 2026 13:08:32 GMT]]>@briankrebs And is it for sale?

]]>https://board.circlewithadot.net/post/https://fosstodon.org/users/NeilShadrach/statuses/116403215561693870https://board.circlewithadot.net/post/https://fosstodon.org/users/NeilShadrach/statuses/116403215561693870Tue, 14 Apr 2026 13:08:32 GMT<![CDATA[Reply to This discussion atop Hackernews right now about how someone bought 30 WordPress plugins and planted a backdoor in all of them has me wondering, is there a plugin that blocks plugins from being automagically updated if the plugin's ownership changes? on Tue, 14 Apr 2026 12:53:56 GMT]]>@briankrebs Plugin ownership is a slippery concept.
Many wordpress plugins are published by small companies that can be bought outright.

]]>https://board.circlewithadot.net/post/https://mas.to/users/mbpaz/statuses/116403158137059631https://board.circlewithadot.net/post/https://mas.to/users/mbpaz/statuses/116403158137059631Tue, 14 Apr 2026 12:53:56 GMT<![CDATA[Reply to This discussion atop Hackernews right now about how someone bought 30 WordPress plugins and planted a backdoor in all of them has me wondering, is there a plugin that blocks plugins from being automagically updated if the plugin's ownership changes? on Tue, 14 Apr 2026 12:53:30 GMT]]>@briankrebs@infosec.exchange @andrewnez@mastodon.social would definitely know. He's the supply chain expert.

]]>https://board.circlewithadot.net/post/https://toot.pouyan.net/objects/d4ab7f35-1f3d-4617-bc73-8655d6dd624bhttps://board.circlewithadot.net/post/https://toot.pouyan.net/objects/d4ab7f35-1f3d-4617-bc73-8655d6dd624bTue, 14 Apr 2026 12:53:30 GMT<![CDATA[Reply to This discussion atop Hackernews right now about how someone bought 30 WordPress plugins and planted a backdoor in all of them has me wondering, is there a plugin that blocks plugins from being automagically updated if the plugin's ownership changes? on Tue, 14 Apr 2026 12:48:32 GMT]]>@briankrebs and who updates that one?

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/noplasticshower/statuses/116403136889660852https://board.circlewithadot.net/post/https://infosec.exchange/users/noplasticshower/statuses/116403136889660852Tue, 14 Apr 2026 12:48:32 GMT<![CDATA[Reply to This discussion atop Hackernews right now about how someone bought 30 WordPress plugins and planted a backdoor in all of them has me wondering, is there a plugin that blocks plugins from being automagically updated if the plugin's ownership changes? on Tue, 14 Apr 2026 12:48:30 GMT]]>@jackryder @briankrebs This is NOT a new issue, which is probably why there is conversation. People have a preset viewpoint.

I don't know how they are gonna solve that problem, but with the constant political shakeups at Wordpress, woof. I'm just glad I got my last client off of WordPress.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/Sempf/statuses/116403136820441250https://board.circlewithadot.net/post/https://infosec.exchange/users/Sempf/statuses/116403136820441250Tue, 14 Apr 2026 12:48:30 GMT<![CDATA[Reply to This discussion atop Hackernews right now about how someone bought 30 WordPress plugins and planted a backdoor in all of them has me wondering, is there a plugin that blocks plugins from being automagically updated if the plugin's ownership changes? on Tue, 14 Apr 2026 12:48:03 GMT]]>@Roses4Cardinals I was being only partially facetious here. IMHO, this should be WordPress's job, whether or not you host a blog with them, seeing as they automatically update your plugins now whether you want them to or not.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/briankrebs/statuses/116403135019558084https://board.circlewithadot.net/post/https://infosec.exchange/users/briankrebs/statuses/116403135019558084Tue, 14 Apr 2026 12:48:03 GMT<![CDATA[Reply to This discussion atop Hackernews right now about how someone bought 30 WordPress plugins and planted a backdoor in all of them has me wondering, is there a plugin that blocks plugins from being automagically updated if the plugin's ownership changes? on Tue, 14 Apr 2026 12:47:49 GMT]]>@briankrebs But what if the plugin that blocks plugins from being automagically updated if the plugin's ownership changes' ownership changes?

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/davep/statuses/116403134133463403https://board.circlewithadot.net/post/https://infosec.exchange/users/davep/statuses/116403134133463403Tue, 14 Apr 2026 12:47:49 GMT<![CDATA[Reply to This discussion atop Hackernews right now about how someone bought 30 WordPress plugins and planted a backdoor in all of them has me wondering, is there a plugin that blocks plugins from being automagically updated if the plugin's ownership changes? on Tue, 14 Apr 2026 12:46:52 GMT]]>@briankrebs How much to buy hypothetical plugin that blocks plugins from updating?

]]>https://board.circlewithadot.net/post/https://hachyderm.io/ap/users/116081745495211516/statuses/116403130360461918https://board.circlewithadot.net/post/https://hachyderm.io/ap/users/116081745495211516/statuses/116403130360461918Tue, 14 Apr 2026 12:46:52 GMT<![CDATA[Reply to This discussion atop Hackernews right now about how someone bought 30 WordPress plugins and planted a backdoor in all of them has me wondering, is there a plugin that blocks plugins from being automagically updated if the plugin's ownership changes? on Tue, 14 Apr 2026 12:46:05 GMT]]>@briankrebs There is a lot of conversation going on about this new issue.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/ap/users/116093572746253175/statuses/116403127275107749https://board.circlewithadot.net/post/https://infosec.exchange/ap/users/116093572746253175/statuses/116403127275107749Tue, 14 Apr 2026 12:46:05 GMT