WPML Website Hacked by Former Employee – Plugin Safe

Last week, the biggest multilingual plugin provider, WPML, had their website hacked, resulting in their entire customer base receiving the following potentially malicious email:

Hacker sent email from breached WPML website

It just goes to show that even one of the largest players in the WordPress ecosphere is vulnerable to having their website hacked.

This time it wasn’t from outdated plugins, themes or WordPress core, but rather a lapse in internal security and in the processes for staff leaving the company.

WPML allege that an ex-employee installed a backdoor on the main website and, at some point after leaving the company, used this backdoor to send the misleading email to customer email addresses. They summed this up in the following tweet.

Having your website hacked is bad enough, but having it compromised by an ex-employee who managed to get access to customer data is pretty devastating.

Although the company claims that the WPML plugin itself was not tampered with, the hack will surely plant seeds of doubt for existing users, and definitely for those considering which multilingual plugin to install on future WordPress sites.

WPML mentions in their tweet that they strongly advise customers to change their WPML account login password; however, I think they should have changed them all as a mandatory precaution.

Users can easily obtain a new password through WordPress’ forgotten password link.

Want to make sure your website is up-to-date and secure?

Have a look at our WordPress Site Care packages.


Wil

Wil is a dad, consultant, developer, conference organiser, speaker and business mentor. He co-organizes the WordPress Sydney meetup group and has been on the organising committee for WordCamp Sydney since 2014. He speaks at many technical events and contributes to the WordPress open source project. His likes are chillies, craft beer and electrogravitics.