Yesterday the WordPress.org team uncovered a series of compromised updates to popular plugins and temporarily shut down the plugin repositories and reset users’ passwords. Their blog post did not go into details however and I decided to hunt down and investigate the backdoors inserted.
- Recovering 1,800 articles from a 3rd party CMS with no database access
- Reducing page generation times from over 6 seconds to 0.2 seconds on average
- Writing 2 plugins to replace the rather lacking alternatives (to be released shortly)
- Discovering 1 serious plugin exploit
- …and writing countless lines of code to produce an end result to be proud of.
ForgeToday.com has now been entered for the Guardian Student Media Awards 2011.