{"id":2996,"date":"2025-04-02T02:03:56","date_gmt":"2025-04-02T02:03:56","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/04\/02\/hackers-exploit-little-known-wordpress-mu-plugins-feature-to-hide-malware\/"},"modified":"2025-04-02T02:03:56","modified_gmt":"2025-04-02T02:03:56","slug":"hackers-exploit-little-known-wordpress-mu-plugins-feature-to-hide-malware","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/04\/02\/hackers-exploit-little-known-wordpress-mu-plugins-feature-to-hide-malware\/","title":{"rendered":"Hackers exploit little-known WordPress MU-plugins feature to hide malware"},"content":{"rendered":"<p>    Hackers exploit little-known WordPress MU-plugins feature to hide malware<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>A new security issue is putting WordPress-powered websites at risk. Hackers are abusing the \u201cMust-Use\u201d plugins (MU-plugins) feature to hide malicious code and maintain long-term access on hacked websites.<\/p>\n<p>Read more in my article on the Hot for Security blog.<\/p><\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Graham Cluley<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/www.bitdefender.com\/en-us\/blog\/hotforsecurity\/hackers-exploit-little-known-wordpress-mu-plugins-feature-to-hide-malware\">Go to grahamcluley<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hackers exploit little-known WordPress MU-plugins feature to hide malware A new security issue is putting WordPress-powered websites at risk. Hackers are abusing the \u201cMust-Use\u201d plugins (MU-plugins) feature to hide malicious code and maintain long-term access on hacked websites. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[54,155,258,1052,593],"tags":[71],"class_list":["post-2996","post","type-post","status-publish","format-standard","hentry","category-grahamcluley","category-guest-blog","category-malware","category-plugins","category-wordpress","tag-grahamcluley"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/2996"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=2996"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/2996\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=2996"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=2996"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=2996"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}