Cybersecurity researchers at GoDaddy-owned Sucuri have warned that an old plugin called Eval PHP, last updated a decade ago, is being used to hack WordPress websites. The plugin, which creates a backdoor and can mask its activities as cookies, has been described as “dangerous.”
The advice is to:
– Keep your website patched and up to date with the latest security releases.
– Protect the admin panel behind 2FA or some other access restriction.
– Regularly back up the website.
– Use a web application firewall to block any bad bots and to virtually patch any known vulnerabilities.