Bleeping Computer

Hackers abuse WordPress MU-Plugins to hide malicious code

Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page while evading detection. The technique was first observed by security ...
TechRepublic

Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites

More than 30 WordPress plugins were shut down after a supply-chain backdoor compromised thousands of sites through the Essential Plugin portfolio. A web developer discovered dozens of malicious ...