Companies and bloggers that run their own WordPress installations should make sure that they have not downloaded any of three popular plugins that were, for about 24 hours, playing host to malicious code, WordPress creator Auttomatic warned.

"The WordPress team noticed suspicious commits to several popular plugins containing cleverly disguised backdoors," wrote Matt Mullenweg, a founding developer of Auttomatic. "We determined the commits were not from the authors, rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavory."

Auttomatic initiated a systemwide reset for WordPress.org, forcing all users to change their password. In addition, the company locked out changes to other plugins while it checked the integrity of their code.

The link for this article located at CSO Online is no longer available.