Cybersecurity researchers at GoDaddy-owned Sucuri have warned that an old plugin called Eval PHP, last updated a decade ago, is being used to hack WordPress websites. The plugin, which creates a backdoor and can mask its activities as cookies, has been described as “dangerous.”
The advice is to:
- Keep your website patched and up to date with the latest security releases.
- Protect the admin panel behind 2FA or some other access restriction.
- Regularly back up the website.
- Use a web application firewall to block any bad bots and to virtually patch any known vulnerabilities.