Security Stop Press : WordPress Sites Being Hacked Through Old Plugin

Written by: |

Cybersecurity researchers at GoDaddy-owned Sucuri have warned that an old plugin called Eval PHP, last updated a decade ago, is being used to hack WordPress websites. The plugin, which creates a backdoor and can mask its activities as cookies has been described as “dangerous.” 

The advice is to: 

- Keep your website patched and up to date with the latest security releases. 

- Protect the admin panel behind 2FA or some another access restriction. 

- Regularly backup the website. 

- Use a web application firewall to block any bad bots and to virtually patch any known vulnerabilities.