WordPress, the blog-hosting giant, has forced all of the users of its main website WordPress.org to change their passwords after hackers infected the site with malicious software.
Three "plug-ins" - software written by outside parties for use with the the blog site - were found to contain what one of its developers called "cleverly disguised backdoors" uploaded by unauthorised people,
https://wordpress.org/news/2011/06/passwords-reset/

Thanks for this info, suwunk. I knew it was only a matter of time before the big blog sites got hit with malware.