Cybersecurity researchers have uncovered a new stealthy backdoor concealed within the "mu-plugins" directory in WordPress sites to grant threat actors persistent access and allow them to perform arbitrary actions. Must-use plugins (aka mu-plugins) are special plugins that are automatically activated on all WordPress sites in the installation. They are located in the "wp-content/mu-plugins"
![]()
source https://thehackernews.com/2025/07/hackers-deploy-stealth-backdoor-in.html
source https://thehackernews.com/2025/07/hackers-deploy-stealth-backdoor-in.html