Sucuri researchers spotted threat actors deploying WordPress malware in the mu-plugins directory to evade security checks. In February, Sucuri warned of threat actors exploiting WordPress mu-plugins, which auto-load without activation, to maintain persistence and evade detection by hiding backdoors in the plugin directory. >>Unlike regular plugins, must-use plugins are automatically loaded on every page load, […]
First seen on securityaffairs.com
Jump to article: securityaffairs.com/176083/malware/wordpress-malware-in-the-mu-plugins-directory.html
