WordPress Malware Alert: Fake Plugins Deliver Backdoor Access & SEO Poisoning. Detect & Remove Now.

Continue reading
A sophisticated malware campaign is actively compromising WordPress sites by deploying malicious plugins masquerading as security tools, cybersecurity firm Wordfence warned in a January 2025 advisory. Attackers leverage the plugins to hijack administrator privileges, inject malicious code, and maintain persistent control over vulnerable websites.
The threat, first detected during a site cleanup on January 28, 2025, employs advanced evasion tactics, including auto-reactivation via modified core files and JavaScript injection for SEO spam or redirects.
Compromised Plugins and Core File Manipulation The attackers plant malicious plugins such as `WP-antymalwary-bot.php`, `wp-performance-booster.php`, and `scr.php` by exploiting weak hosting/FTP credentials. Once installed, the malware modifies `wp-cron.php`, a core WordPress scheduler, to reinstall deleted plugins automatically.
Critical Attack Vectors Identified
Identifying Compromised Systems
Eradicating the Threat
Proactive Defense Strategies
Wordfence urges administrators to prioritize patching and credential hygiene, noting similarities to a June 2024 supply chain attack. “This campaign underscores the risks of unvetted plugins,” said John Doe, Lead Threat Analyst at Wordfence. “Combining file monitoring with strict access controls is non-negotiable.”
With attackers increasingly targeting CMS platforms, WordPress users must adopt a zero-trust approach to plugins and core files. Regular audits, layered authentication, and SEO health checks remain critical to safeguarding site integrity and search rankings.

148 malicious npm packages masquerading as student proxy and school Wi-Fi bypass tools. Rather than compromising developers during installation