Warp is the agentic development environment born out of the terminal. Download Warp for free today at → https://go.warp.dev/fireship

Someone spent $100k buying a massive collection of WordPress plugins and planted a backdoor in all of them. Naturally, CloudFlare stepped in with EmDash: a slop-forked WP alternative that promises to fix plugin security for good.

#coding #programming #wordpress

🔖 Topics Covered
- Wordpress plugin hack - https://anchor.host/someone-bought-30-wordpress-plugins-and-planted-a-backdoor-in-all-of-them/
- EmDash

Want more Fireship?

🗞️ Newsletter: https://bytes.dev
🧠 Courses: https://fireship.dev

Fireship is a YouTube channel created by Jeff Delaney that offers quick tutorials and explanations on web development, programming, and tech trends. Known for the “100 Seconds of Code” and “The Code Report” series, the channel breaks down complex topics in a short, engaging format, covering everything from JavaScript frameworks to emerging technologies.

Fireship

A supply chain attack compromised 31 WordPress plugins after an attacker purchased them via Flippa, inserted a dormant backdoor, and later activated malicious payloads that modified core WordPress files including wp-config.php. The command-and-control domain was resolved through an Ethereum smart contract, making it resilient to takedowns. The attack bypassed normal security suspicion by arriving as a routine plugin update. The post also covers Cloudflare's new Mdash project, a WordPress-compatible alternative built on Astro that sandboxes plugins using dynamic workers and capability-based bindings to prevent the kind of full-privilege access that makes WordPress plugins dangerous.

A rich hacker just penetrated 31 WordPress plugins...

<p>why the world is working with the plugins which can be attack by the hacker easily</p>


<p>Why do people use wordpress in the first place?</p>
