Apr 13
30 WordPress Plugins Bought and Backdoored: The 2026 Supply Chain Attack Explained
This is what a real WordPress supply chain attack looks like in 2026. It was not a typo-squatted plugin with zero reputation. It was not a sloppy malware blast that every site owner noticed immediately. It was a portfolio of 30+ trusted WordPress plugins, apparently purchased for six figures through Flippa, quietly backdoored, left dormant for roughly eight months, and then activated at…