31 WordPress plugins were permanently shut down in April 2026 after a supply chain attack. If your site was affected, here is how to remove the malware, lock down your credentials, and recover your search rankings.
A massive supply chain attack has compromised 31 popular WordPress plugins, affecting hundreds of thousands of sites. By exploiting the update system, hackers injected hidden backdoors that remain active even after the plugins are removed. This report covers the full list of banned plugins and how the breach was executed.
A supply chain attack recently targeted CPUID, serving trojanized installers to unsuspecting users. Here is a breakdown of the affected software and how to stay safe.
