Backdoor Lurks Behind WordPress Caching Plugin to Hijack Websites

A malware concealed in a WordPress caching plugin can create administrative accounts for websites, allowing threat actors to take over infected sites. Researchers from Wordfence found the harmful plugin, which acts as either a standalone script or a plugin and offers remote plugin activation and content filtering capabilities. To stay protected, WordPress users should adhere to security best practices and employ security monitoring for their sites.