Bleeping Computer

Attackers use abandoned WordPress plugin to backdoor websites

Attackers are using Eval PHP, an outdated legitimate WordPress plugin, to compromise websites by injecting stealthy backdoors. Eval PHP is an old WordPress plugin that allows site admins to embed PHP ...
Courthouse News Service

Federal judge intervenes to shield web host from ‘scorched earth nuclear approach’ by WordPress

(CN) — A federal judge, on Tuesday, imposed a ceasefire on software maker WordPress' self-described "scorched earth nuclear" war over trademarks against WPEngine, a smaller tech company that builds ...
Bleeping Computer

Hackers abuse WordPress MU-Plugins to hide malicious code

Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page while evading detection. The technique was first observed by security ...