During a recent cleanup of a compromised WordPress website, we discovered two different malicious files designed to silently manipulate administrator accounts. Attackers often inject such backdoors to maintain persistent access to a site, even if their other malware is detected and removed. These files were disguised to look like regular WordPress components, but their functionality told a different story.

What did we find?

We found two highly suspicious files that immediately caught our attention.

Continue reading Hidden WordPress Backdoors Creating Admin Accounts at Sucuri Blog.

Via Sucuri.net