Some of you may not be aware of this, but there was a small security breach in the WordPress.org plugin directory this week. Someone managed to commit malicious changes to some popular plugins by hacking into the SVN repository. The WP crew discovered the changes and managed to revert the affected plugins back to the last legitimate release. They have also shut down access to the repo to make sure no other plugins were affected.
You can read more about in the WP blog: http://wordpress.org/news/2011/06/passwords-reset/
Strange enough, the plugin we were going to review this week, BackWPup has been removed completely from the repo. After doing a bit of research it seems like there was a little issue with the plugin causing excessively long processes while backing up WP and the author is aware and working on a fix.
You can read more about that in the support forum: http://wordpress.org/support/topic/plugin-backwpup-run-away-backup-process
If the plugin is updated and works well enough, we will do another review and post about it, but for now, this weeks plugin review will be replaced with this article about the few plugins that were affected by the repo hack.
So if you are using WP Touch, W3 Total Cache or Add This make sure to update again to the most recent release which is the clean one. Also, if you are a member of WP.org, you will have to reset your password as a “prophylactic measure” to help heighten security.