Global CyberSecurity

Malicious WordPress Plugin Creates Hidden Admin User Backdoor

OTCBy
0
Post Views: 155

Published on 06/20/2025 – Last Updated on 06/21/2025 by OTC

I recently wrote about a case where a malicious plugin was used to steal admin credentials. Here we will examine yet another malicious plugin that creates a malicious admin user right in the website.

Examining the malware

While examining the site, we noticed a plugin located at wp-content/plugins labeled php-ini.php. This is strange since directories generally don’t contain extensions, especially one like .php since those are reserves for files.

Continue reading Malicious WordPress Plugin Creates Hidden Admin User Backdoor at Sucuri Blog.

IndoDefence 2025: Live Demonstration Focus on Indonesian Electric Solutions for Tactical Silence

Previous article

SCL Deep Dive APAC 2025: Community Speakers and a New Format

Next article

You may also like

Comments

Comments are closed.

More in Global CyberSecurity