Malicious WordPress Plugin Creates Hidden Admin User Backdoor
I recently wrote about a case where a malicious plugin was used to steal admin credentials. Here we will examine yet another malicious plugin that creates a malicious admin user right in the website.
Examining the malware
While examining the site, we noticed a plugin located at wp-content/plugins labeled php-ini.php. This is strange since directories generally don’t contain extensions, especially one like .php since those are reserves for files.
Continue reading Malicious WordPress Plugin Creates Hidden Admin User Backdoor at Sucuri Blog.
Read more: Malicious WordPress Plugin Creates Hidden Admin User Backdoor
Story added 20. June 2025, content source with full text you can find at link above.