Malware on WordPress sites lets hackers run remote code



Researchers found malware targeting WordPress sites that uses backdoors for remote code execution. The attacks exploit vulnerabilities in the affected sites, underscoring the need for stronger security.

WordPress Vulnerabilities

Attackers placed malicious scripts in the Must-Use Plugins (mu-plugins) directory of WordPress, which WordPress loads automatically without any activation step. By obfuscating the PHP code, they gained persistence and avoided detection.

The code retrieved additional payloads from external files, allowing the attackers to execute commands remotely and compromise the site further. The malware used techniques such as base64 encoding and AES encryption to hide its payloads and evade detection.

Once active, it communicated with external servers to download further malicious scripts or send out sensitive data. The attackers also used functions such as eval() to run PHP code dynamically, which makes detection harder.

In one case, the malware stored obfuscated payloads in the /wp-content/uploads/ directory; these were decoded and executed on the server, giving the attackers full control of the site.

Some malware variants also manipulate files like robots.txt to redirect traffic or boost SEO spam campaigns.

The consequences of these attacks can be severe:

  • Complete Site Takeover: Hackers can modify content, inject malicious scripts, or deface websites.
  • Data Theft: Sensitive user information, such as login details and financial data, can be stolen.
  • Malware Distribution: Compromised sites may spread malware or phishing attacks.
  • Reputation Damage: Redirecting traffic or adding spam harms a website’s credibility and SEO rankings.

The rise in RCE vulnerabilities in WordPress highlights issues with insecure coding and outdated software. Reports from Sucuri revealed similar flaws in popular plugins like “Bit File Manager” and “Security & Malware Scan by CleanTalk,” exposing thousands of websites to attacks.

Attackers exploited weaknesses in file upload systems and poor input sanitization to inject malicious code.

Mitigation

To reduce these threats, WordPress site admins should:

  • Regularly update WordPress core, plugins, and themes.
  • Use firewalls to block malicious traffic.
  • Disable PHP execution in directories like /uploads/.
  • Use security tools like Sucuri or MalCare for malware scanning and monitoring.
  • Regularly audit installed plugins and remove unused or outdated ones.

These steps help minimize risks and protect against evolving cyber threats targeting WordPress sites.
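As an added illustration (not code from the article or the researchers it cites), the following Python check applies two of the points above to a constructed wp-content tree: no PHP file should exist under uploads/, and nothing under mu-plugins/ should call the dynamic-execution and payload-decoding functions the article describes. The directory layout, file names and pattern list are assumptions for this example.

```python
import os
import re
import tempfile

# Calls the article ties to the malware: eval(), base64 and AES decoding, remote fetches.
SUSPICIOUS = {
    "eval": re.compile(r"\beval\s*\("),
    "base64_decode": re.compile(r"\bbase64_decode\s*\("),
    "openssl_decrypt": re.compile(r"\bopenssl_decrypt\s*\("),
    "remote_fetch": re.compile(r"\b(?:file_get_contents|curl_exec)\s*\("),
}

def scan_wp_content(wp_content):
    """Return (relative_path, reason) pairs. Any PHP file under uploads/ is
    reported outright; other files in mu-plugins/ and uploads/ are reported
    when they contain one of the SUSPICIOUS calls."""
    findings = []
    for sub in ("mu-plugins", "uploads"):
        for root, _dirs, files in os.walk(os.path.join(wp_content, sub)):
            for name in files:
                path = os.path.join(root, name)
                rel = os.path.relpath(path, wp_content)
                if sub == "uploads" and name.lower().endswith((".php", ".phtml", ".phar")):
                    findings.append((rel, "php file in uploads"))
                    continue
                with open(path, "r", errors="replace") as fh:
                    text = fh.read()
                hits = [k for k, rx in SUSPICIOUS.items() if rx.search(text)]
                if hits:
                    findings.append((rel, "suspicious calls: " + ", ".join(hits)))
    return findings

def build_sample_tree():
    """Constructed wp-content tree for the demo (not taken from a real site)."""
    root = tempfile.mkdtemp()
    mu = os.path.join(root, "mu-plugins")
    up = os.path.join(root, "uploads", "2025", "02")
    os.makedirs(mu)
    os.makedirs(up)
    samples = {  # one clean mu-plugin, one loader, one clean upload, one dropped file
        os.path.join(mu, "helper.php"): "<?php add_filter('the_title', 'trim');\n",
        os.path.join(mu, "cache.php"): "<?php eval(base64_decode($blob));\n",
        os.path.join(up, "notes.txt"): "plain text, no code\n",
        os.path.join(up, "shell.php"): "<?php echo 'dropped file';\n",
    }
    for path, body in samples.items():
        with open(path, "w") as fh:
            fh.write(body)
    return root
```

Calling scan_wp_content(build_sample_tree()) reports the mu-plugins loader and the PHP file in uploads, and nothing for the two clean files; point it at a real wp-content directory to run the same two checks there.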


By | 2025-02-18T23:21:06+05:30 February 17th, 2025|Internet Security, Malware, Security Advisory, Security Update, wordpress|

About the Author:

FirstHackersNews- Identifies Security
