Pro WordPress Tips
Hackers have been exploiting an outdated WordPress plugin called Eval PHP to backdoor websites as part of an ongoing campaign.
Despite the plugin never receiving an update in 11 years, it is installed on over 8,000 websites.
The hackers insert malicious code into the "wp_posts" table of infected sites, which stores posts, pages, and navigation menu information, and the requests originate from three different IP addresses based in Russia.
This new development highlights how attackers are experimenting with different methods to maintain their foothold in compromised environments and evade server-side scans and file integrity monitoring.
Site owners are advised to secure the WP Admin dashboard and watch out for suspicious logins to prevent threat actors from gaining admin access and installing the plugin.