This old WordPress plugin is being used to hack websites


Cybersecurity researchers at GoDaddy-owned web security firm Sucuri has found that a legitimate WordPress plugin that’s no longer active has been taken over by hackers and is now compromising websites.
Eval PHP – a plugin designed to allow users to add PHP code into articles and blog data – looks to have been last updated a decade ago and has had minimal to no downloads recorded over the past 10 years.
The past month has seen interest in Eval PHP surge to the sum of over 100,000 downloads, with a peak of up to 7,000 downloads per day.
Eval PHP hack
The Sucuri notice (opens in new tab) details that the code “uses the file_put_contents function to create a PHP script into the docroot of the website with the specified remote code execution backdoor.”
Because the backdoor uses $_REQUEST[id] to obtain the executable PHP code, which contains the contents of $_GET, $_POST, and $_COOKIE, it can conceal its parameters by masking as cookies. GET is less detectable than POST, but no less dangerous, says Sucuri.
The findings also uncover that the backdoors are created across multiple posts saved as drafts, thus they are not publicly visible, nor are they as obvious to find as live pages.
WordPress did not immediately respond to TechRadar Pro’s request for comment on its policy regarding abandoned plugins. For now, Sucuri urges WordPress users to secure their wp-admin panel and to monitor activity. The security firm advises four specific actions:
- Keep your website patched and up to date with the latest security releases
- Place your admin panel behind 2FA or some other access restriction
- Have a regular website backup service running for a rainy day
- Use a web application firewall to block bad bots and virtually patch known vulnerabilities
Cybersecurity researchers at GoDaddy-owned web security firm Sucuri has found that a legitimate WordPress plugin that’s no longer active has been taken over by hackers and is now compromising websites. Eval PHP – a plugin designed to allow users to add PHP code into articles and blog data – looks…
Recent Posts
- How Claude’s 3.7’s new ‘extended’ thinking compares to ChatGPT o1’s reasoning
- ‘We’re nowhere near done with Framework Laptop 16’ says Framework CEO
- Razer’s new Blade 18 offers Nvidia RTX 50-series GPUs and a dual mode display
- Samsung’s first Pro series Gen 5 PCIe SSD arrives in March
- I tried adding audio to videos in Dream Machine, and Sora’s silence sounds deafening in comparison
Archives
- February 2025
- January 2025
- December 2024
- November 2024
- October 2024
- September 2024
- August 2024
- July 2024
- June 2024
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- September 2018
- October 2017
- December 2011
- August 2010