A new type of malware has been reported that illegally installs a plugin that can execute PHP code in WordPress and embeds malware in the database.


Unauthorized installation of a plugin that allows PHP code to be run from the WordPress admin screen on any static page or post.

According to Sucuri, there has been an increase in the number of cases in which hackers take over WordPress administrator privileges, through brute force attacks or by exploiting vulnerabilities, and then install plug-ins that can execute PHP code from the WordPress administration screen in order to embed malicious code in the database. This is a new issue.

How the Eval PHP plugin works

There are several plugins that allow you to execute PHP code from the WordPress admin panel.
These plug-ins are designed to embed and execute PHP code in any WordPress page. They do not themselves contain any malicious programs, and they are distributed from the official site without any problems.

Eval PHP

PHP Everywhere

PHPEval

However, because these plugins store PHP code in the WordPress database and execute it from there, hackers who have already successfully infiltrated the site can embed malicious programs in the database and have them executed.

Since the WordPress database is a part of the site where few malware infections have been reported so far, many plugins do not check it for malware.

How to deal with malware delivered via Eval PHP plug-ins

Here are some tips on how to deal with this type of malware.

1 Check to see if any unrecognized Eval PHP plug-ins are installed, and if so, deactivate and remove them.

2 Use a plugin that can also scan databases for malware and remove it.

Free WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal].

3 If it is clear that you have been infected with this type of malware, it means that a vulnerability has been exploited or administrative privileges have been seized and you have already allowed hackers to enter your system.

Therefore, in addition to malware detection and removal using the plug-ins mentioned above, the following measures are necessary.

1 Identify and remove unauthorized users.
2 Change the passwords of users with administrative privileges.
3 Update plug-ins and WordPress.
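
The database check described in steps 1 and 2 can also be done by hand. The following is an added example, not code from the original article or from any scanner plugin: it lists posts that contain a PHP-execution shortcode and notes risky calls inside it. The shortcode tags (`evalphp`, `php_everywhere`) are assumptions not given in the article, and the sample rows are constructed, with SQLite standing in for the MySQL `wp_posts` table.

```python
import re
import sqlite3

# Shortcode tags of PHP-execution plugins. Assumption: the article does not
# list them; extend this tuple for any other plugin of this kind.
EXEC_TAGS = ("evalphp", "php_everywhere")
SHORTCODE = re.compile(
    r"\[(%s)\b[^\]]*\](.*?)(?:\[/\1\]|\Z)" % "|".join(EXEC_TAGS), re.I | re.S)
# Calls often seen in injected PHP (heuristic, not exhaustive).
RISKY = re.compile(
    r"\b(eval|assert|base64_decode|gzinflate|system|shell_exec)\s*\(", re.I)

def scan_posts(conn, prefix="wp_"):
    """Return one finding per PHP-execution shortcode stored in <prefix>posts."""
    if not re.fullmatch(r"\w+", prefix):  # prefix is interpolated into SQL
        raise ValueError("unexpected table prefix")
    rows = conn.execute(
        f"SELECT ID, post_status, post_content FROM {prefix}posts ORDER BY ID")
    findings = []
    for post_id, status, content in rows:
        for m in SHORTCODE.finditer(content or ""):
            calls = sorted({c.lower() for c in RISKY.findall(m.group(2))})
            findings.append({"id": post_id, "status": status,
                             "tag": m.group(1).lower(), "risky_calls": calls})
    return findings

def sample_db():
    """Constructed sample rows; SQLite stands in for the site's MySQL database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE wp_posts (ID INTEGER, post_status TEXT, post_content TEXT)")
    conn.executemany("INSERT INTO wp_posts VALUES (?, ?, ?)", [
        (1, "publish", "Welcome to our shop. Opening hours are 9-17."),
        (2, "draft", "[evalphp]<?php eval(base64_decode('CONSTRUCTED')); ?>[/evalphp]"),
        (3, "publish", "A tutorial that mentions eval() outside any shortcode."),
        (4, "publish", "[php_everywhere]<?php echo date('Y'); ?>[/php_everywhere]"),
    ])
    return conn

if __name__ == "__main__":
    for finding in scan_posts(sample_db()):
        print(finding)
```

On a real site, run the same query against the MySQL database with the site's own table prefix and review every hit by hand, including posts that are not published.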
