30 WordPress Plugins Hacked

Summary

Check Your WordPress Site NOW!

A bundle of WordPress tools known as the “Essential Plugin” suite—covering features like countdown timers, popup builders, and testimonial widgets—was sold on the marketplace Flippa to a buyer identified only as “Kris.”

He bought the suite, and eight months later he used the backdoors he created to compromise thousands of sites.

Full story here.

School of Podcasting Expert Talks

Our first expert talk is with Rox Codes, co-founder of Flightcast (with Steven Bartlett of Diary of a CEO). He will be demoing the first-ever video-first media host and answering questions. This is open to members of the School of Podcasting (there is a free version).

LINKS

Try Podpage

ManageWP Backup

SiteGround WordPress Hosting

School of Podcasting

Key Takeaways

  • A total of 31 WordPress plugins were quietly compromised after being sold to a malicious buyer. The injected malware stayed inactive for eight months before spreading across thousands of websites.
  • Well-known podcasting plugins like PowerPress, Yoast SEO, and Seriously Simple Podcasting were not impacted. The affected plugins were mostly general-purpose utility tools.
  • If your site uses anything from the “Essential Plugin” suite, it’s important to review it immediately and check for signs of compromise.
  • Every plugin you install introduces third-party code to your site. The more plugins you rely on, the more ongoing attention your site needs to remain secure.
  • Regardless of this incident, the best defense is simple: keep all plugins updated and remove anything you’re not actively using.



This podcast uses the following third-party services for analysis:

OP3 - https://op3.dev/privacy