Hackers Backdoor Sites by Hiding Fake WordPress Plugins

Hackers Backdoor Sites by Hiding Fake WordPress Plugins


Malicious plugins that hide in plain sight and act as backdoors are used by attackers to gain and maintain a foothold on WordPress websites, and to upload web shells and scripts for brute-forcing other sites.


For instance, some of these fake plugins with backdoor functionality — named initiatorseo or updrat123 by their creators — were seen cloning the functionality of the highly popular backup/restore WordPress plugin UpdraftPlus, with a current active number of over two million installations.


"The metadata comments within these fake plugins include copies from version 1.16.16 of UpdraftPlus, which was released on July 2 ..