Cybersecurity researchers at GoDaddy-owned Sucuri have warned that an old plugin called Eval PHP, last updated a decade ago, is being used to hack WordPress websites. The plugin, which creates a backdoor and can mask its activities as cookies has been described as “dangerous.”
The advice is to:
– Keep your website patched and up to date with the latest security releases.
– Protect the admin panel behind 2FA or some another access restriction.
– Regularly backup the website.
– Use a web application firewall to block any bad bots and to virtually patch any known vulnerabilities.