I would like to congratulate my team, all the organizations we work with and the hosting providers! You were fantastic in responding to this threat, and your actions had a positive impact on mitigating this attack.
In the end, only three organizations were affected. In each case, a clean backup could be restored, the compromised plugins were removed and all passwords were replaced.
Over the course of the week, site performance improved noticeably as the vulnerabilities were fixed and the shared servers were cleaned. The hosts also disabled the affected WordPress plugins and replaced them with equivalent solutions, without us or the organizations having to do anything.
If you notice any unknown WordPress user accounts, or if your site’s title and description shown on social media look abnormal, contact your host and our team immediately. Let’s stay vigilant!
See the article on the supply chain attack
Frequently asked questions
Is my website one of the affected sites?
We contacted the affected organizations directly. If you haven’t been contacted, it’s very likely that your site was not affected by this incident.
Is the problem now resolved?
The affected sites were restored from clean backups, the compromised plugins were removed and all passwords were replaced. The hosts also applied additional protective measures.
Why does my site seem faster than it did a few days ago?
The hosts cleaned several shared servers and fixed the vulnerabilities associated with this attack. Many sites now benefit from improved performance and stability.
Do I need to take any action on my end?
No particular action is required for most organizations. However, we recommend staying alert to any unusual behavior on your site.
What signs should worry me?
Contact us promptly if you notice a WordPress administrator account you don’t recognize, unexpected changes to your site’s content, an unusual title or description when you share your site on social media, or a sudden drop in performance.
Should I change my passwords?
If your site wasn’t affected, it’s generally not necessary. For affected sites, all passwords have already been replaced as part of the corrective measures.
Could similar attacks happen again?
Yes. Supply chain attacks have become more frequent across the industry. That’s why we continue to actively monitor security advisories, the plugins in use and hosting infrastructure.
What should I do if I have doubts about my site?
Get in touch with our team or your host. It’s always better to quickly check suspicious behavior than to wait for a problem to get worse.
