Searchenginejournal.com

WordPress Security Plugin Exposes +1 Million Websites

The WPS Hide Login WordPress plugin recently patched a vulnerability that exposes users secret login page. The vulnerability allows a malicious hacker to defeat the purpose of the plugin (of hiding ...
Bleeping Computer

Hackers abuse WordPress MU-Plugins to hide malicious code

Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page while evading detection. The technique was first observed by security ...