
Stealthy Malware in WordPress Sites Enables Remote Code Execution by Hackers

February 18, 2025

GBHackers reports that researchers have uncovered malware targeting WordPress websites, leveraging hidden backdoors to enable remote code execution (RCE):

One notable case involved attackers embedding malicious scripts within the Must-Use Plugins (mu-plugins) directory, a special WordPress folder that automatically loads plugins on every page load without requiring activation.

By placing obfuscated PHP code in this directory, attackers ensured persistence while evading detection.

The malicious code retrieved and executed additional payloads stored in external files, enabling hackers to execute commands remotely and compromise the website further.

And that is just one example.

The consequences of these types of attacks can be devastating. GBHackers reports that to mitigate these threats, WordPress site administrators should:

  1. Regularly update WordPress core, plugins, and themes.
  2. Implement firewalls to block malicious traffic.
  3. Disable PHP execution in directories like /uploads/.
  4. Use security tools for malware scanning and monitoring.
  5. Conduct periodic audits of installed plugins and remove unused or outdated ones.
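
As an added example (not code from GBHackers or the researchers), the audit below covers the mu-plugins case and mitigation steps 3 to 5: it lists every PHP file under `wp-content/mu-plugins` that is not on an allowlist or that contains obfuscation-style calls, and every PHP file under `wp-content/uploads`. The token list, the allowlist parameter and the sample tree are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed heuristic: function calls common in obfuscated PHP loaders. Tune per site.
SUSPICIOUS = re.compile(
    rb"\b(eval|base64_decode|gzinflate|str_rot13|create_function|file_get_contents)\s*\(",
    re.I)
PHP_EXT = {".php", ".phtml", ".php5", ".phar"}

def audit(wp_root, allowed_mu=()):
    """Return sorted (reason, relative path, tokens) findings for a WordPress tree."""
    root = Path(wp_root)
    findings = []
    for sub, reason in (("mu-plugins", "mu-plugin to review"),
                        ("uploads", "PHP file in uploads")):
        base = root / "wp-content" / sub
        if not base.is_dir():
            continue
        for path in base.rglob("*"):
            if not path.is_file() or path.suffix.lower() not in PHP_EXT:
                continue
            tokens = sorted({m.group(1).decode().lower()
                             for m in SUSPICIOUS.finditer(path.read_bytes())})
            # An allowlisted mu-plugin is skipped only while it stays free of tokens.
            if sub == "mu-plugins" and path.name in allowed_mu and not tokens:
                continue
            findings.append((reason, path.relative_to(root).as_posix(), tokens))
    return sorted(findings)

def demo():
    """Audit a constructed sample tree (all file names and contents are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        wp = Path(tmp)
        mu = wp / "wp-content" / "mu-plugins"
        up = wp / "wp-content" / "uploads" / "2025" / "02"
        mu.mkdir(parents=True)
        up.mkdir(parents=True)
        (mu / "site-cache.php").write_text("<?php add_filter('x', '__return_true');\n")
        (mu / "index.php").write_text(
            "<?php $c = file_get_contents(__DIR__ . '/.data'); eval(base64_decode($c));\n")
        (up / "photo.jpg").write_bytes(b"\xff\xd8\xff")
        (up / "thumb.php").write_text("<?php echo 1;\n")
        return audit(wp, allowed_mu={"site-cache.php"})

if __name__ == "__main__":
    for reason, rel, tokens in demo():
        print(f"{reason}: {rel} {tokens}")
```

Token matches are triage hints for manual review, and an empty result does not show that a site is clean.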

Read more at GBHackers.