Summary: Threat actors are exploiting the “mu-plugins” directory in WordPress sites to conceal malicious code that maintains persistent remote access and redirects visitors to fake sites. Three types of rogue PHP scripts found in this hidden directory can execute arbitrary code, inject spam, and deceive users into downloading malware. The situation is worsened by multiple identified vulnerabilities in popular WordPress plugins that have been exploited this year.
Affected: WordPress sites
Key points:
- Malicious scripts in the “mu-plugins” directory evade detection during routine security checks.
- The discovered scripts redirect users to malicious sites and execute arbitrary code.
- Recent vulnerabilities in WordPress plugins increase the risk of exploitation by threat actors.
- Recommendations include updating plugins, auditing for malware, and enforcing strong passwords.
Source: https://thehackernews.com/2025/03/hackers-exploit-wordpress-mu-plugins-to.html
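One way to carry out the malware audit recommended above for the “mu-plugins” directory, as an added example that is not from the source article: every file under `wp-content/mu-plugins` is compared against an allowlist of SHA-256 hashes, and unknown or changed files are triaged with a few patterns. The allowlist format, the pattern list and the file names in the constructed sample are assumptions.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumption: crude triage patterns for PHP that decodes, fetches or runs code dynamically.
SUSPICIOUS = re.compile(rb"\b(eval|assert|base64_decode|gzinflate|str_rot13|curl_exec)\s*\(")


def sha256_file(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def audit_mu_plugins(wp_root, allowlist):
    """Compare wp-content/mu-plugins with {relative_path: sha256}; return sorted findings."""
    mu_dir = Path(wp_root) / "wp-content" / "mu-plugins"
    findings, seen = [], set()
    if mu_dir.is_dir():
        for path in sorted(p for p in mu_dir.rglob("*") if p.is_file()):
            rel = path.relative_to(mu_dir).as_posix()
            seen.add(rel)
            if rel not in allowlist:
                findings.append((rel, "unexpected file"))
            elif sha256_file(path) != allowlist[rel]:
                findings.append((rel, "hash mismatch"))
            else:
                continue  # known-good file, nothing more to check
            if SUSPICIOUS.search(path.read_bytes()):
                findings.append((rel, "dynamic-code pattern"))
    findings += [(rel, "allowlisted file missing") for rel in allowlist if rel not in seen]
    return sorted(findings)


def demo():
    """Build a constructed site tree in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        mu = Path(root) / "wp-content" / "mu-plugins"
        mu.mkdir(parents=True)
        good = mu / "site-cache.php"  # constructed known-good must-use plugin
        good.write_text("<?php // constructed sample: cache helper\n")
        allowlist = {"site-cache.php": sha256_file(good)}
        # Constructed sample of an unreviewed file that decodes and runs a string.
        (mu / "unreviewed-loader.php").write_text("<?php eval(base64_decode($blob)); // constructed\n")
        return audit_mu_plugins(root, allowlist)


if __name__ == "__main__":
    for rel, finding in demo():
        print(f"{rel}: {finding}")
```

Generate the allowlist from a reviewed deployment and store it off the web server, so a compromise of the site cannot rewrite it.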