<ul><li>Hackers are exploiting the WordPress Must-Use Plugins (MU-Plugins) directory to inject and execute malicious code on websites undetected.</li><li>MU-Plugins are a special category of WordPress plugins that run automatically on every page load, making them an attractive target for cybercriminals.</li><li>Researchers have identified three primary malware payloads being deployed in the MU-Plugins directory: redirect.php, index.php, and custom-js-loader.php.</li><li>To mitigate these threats, WordPress administrators are advised to regularly update plugins and themes, remove unused ones, and conduct routine security audits.</li></ul>

WordPress MU-Plugins exploited by hackers for stealthy attacks

Discover more