We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

New WordPress Malware Gives Attackers Admin Privileges

New WordPress Malware Gives Attackers Admin Privileges
Author Image Zane Kennedy
Zane Kennedy Published on 17th October 2023 Cybersecurity Researcher

A sophisticated malware camouflaged as a legitimate caching plugin has been discovered compromising WordPress sites. Researchers from Wordfence uncovered this malware, which allows attackers to gain control of affected websites.

The initial discovery occurred during a routine site cleanup by Wordfence analysts on July 18, 2023. Within a day, a signature for the malware was developed and made available for production within two weeks after thorough testing. As of September 1, 2023, users of the free version of Wordfence received this signature, while Premium, Care, and Response users had firewall protection against the backdoor since October 9, 2023.

This rogue code exhibits a unique blend of functionalities:

  • Stealth Features: Not only does the malware convincingly present itself as a caching tool, but it also excludes itself from the active plugins list, further evading detection.
  • User Manipulation: The malware can create and use a user account named “superadmin” that offers full administrative rights. There’s also a function in the malware’s code to erase this account, diminishing any traces of its sinister activities.
  • Redirect Site Visitors: Certain website visitors may be redirected to dubious sites containing scams or additional malware.
  • Content Tampering: The malware can modify post and page content, including the insertion of malicious links. Notably, these changes are hidden from users with admin privileges, which prolongs the discovery of any compromise. The malware can also clean up any traces of malicious activity from the WordPress database.
  • Plugin Management: Attackers can use the malware to remotely activate or deactivate any installed plugins. This flexibility allows them to disable undesired plugins and allows for the reactivation of their malevolent plugin as needed.

These combined functionalities provide attackers with a robust toolkit for remote site control and monetization, all at the expense of the compromised site's reputation and user privacy.

WordPress site owners are urged to maintain vigilance and ensure they only download plugins from the official platforms of trusted sources. Wordfence's layered protection approach, even for its free users, assures a significant defense against such advanced threats. However, given the ever-evolving nature of cyber threats, engaging in continuous monitoring and adopting best security practices remains crucial.

About the Author

Zane is a Cybersecurity Researcher and Writer at vpnMentor. His extensive experience in the tech and cybersecurity industries provides readers with accurate and trustworthy news stories and articles. He aims to help individuals protect themselves through informative content and awareness of cybersecurity's crucial role in today's digital landscape.