Watching the WordPress plugin supply chain.

WP Beacon tracks every plugin on wordpress.org — its authors, committers, and releases — to flag ownership transfers, dormant-then-activated takeovers, and release patterns that match known attacks.

Plugins watched: 112,812 (49,691 closed)
Authors tracked: 66,936
Installs covered: 338.3M+ active installs across all plugins
Forensic audits: 11 (5 malicious)

Active plugin hijacks

Plugins where a malicious author still controls the wordpress.org distribution. Tap any card for the full audit, IOCs, and the steps the author can take to clear this label. Labels clear automatically once wp beacon scan-deltas confirms the hijack is gone from trunk.

Closed by wp.org · trunk uncleaned

Quick Page/Post Redirect Plugin — 70k+ installs

The original author intentionally weaponized wordpress.org distribution to seed an out-of-band update channel they controlled — and then served tampered builds through that channel after the wp.org-distributed code went…

Actor: anadnet — original wp.org plugin author. Self-implanted backdoor, no acquisition or account inheritance involv…
Audit #13 · 12 IOCs

Closed by wp.org · trunk uncleaned

33 plugins — 180k+ active installs

Marketplace acquisition of an established 30-plugin portfolio used as a vehicle for a fleet-wide PHP-deserialization RCE backdoor with on-chain C2 resolution.

Actor: "Kris" — Flippa buyer of the WP Online Support / Essential Plugin portfolio (~33 plugins, six figures, early 2…
Audit #4 · 15 IOCs

Closed by wp.org · trunk uncleaned

Scroll To Top — 20k+ installs

Update-checker hijack with active stored-XSS / RCE primitives served from a Panama-fronted C2.

Actor: Benjamin (wp.org @milkitall, GitHub tombenj, tomgolan@gmail.com) — operates the inherited @satrya SVN account
Audit #12 · 11 IOCs

Top authors by install base

The accounts with the biggest blast radius on wp.org. A new committer suddenly appearing under any of these is always worth a second look.

| # | Author | Member since | Plugins | Installs |
|---|--------|--------------|---------|----------|
| 1 | Syed Balkhi | 2008-06-22 | 94 | 23.5M+ |
| 2 | Automattic | 2009-11-05 | 75 | 19.1M+ |
| 3 | Yoast | 2013-11-14 | 7 | 14.2M+ |
| 4 | Elementor | 2018-05-10 | 12 | 12.1M+ |
| 5 | WordPress.org | 2010-03-24 | 19 | 11.6M+ |
| 6 | Rock Lobster Inc. | 2025-09-17 | 6 | 11.1M+ |
| 7 | Brainstorm Force | 2011-09-08 | 32 | 7.8M+ |
| 8 | LiteSpeed Technologies | 2016-01-20 | 2 | 7M+ |
| 9 | David Anderson / Team Updraft | 2008-01-02 | 16 | 6.4M+ |
| 10 | Google | 2006-11-17 | 3 | 5.1M+ |

Recent closures

| Plugin | Author | Closed | Reason |
|--------|--------|--------|--------|
| myCred for Rating Form | saadiqbal | 2d ago | author-request |
| myCred – MemberPress Integration (Gamification for Membership Sites) | saadiqbal | 2d ago | author-request |
| myCred Credly | saadiqbal | 2d ago | author-request |
| myCred for TotalPoll | saadiqbal | 2d ago | author-request |
| Gantry 5 Framework | gantry | 3d ago | |