WordPress Backdoors: DebugMaster Pro and wp-user.php Steal Data, Create Hidden Admins
Security researchers have discovered two backdoors, DebugMaster Pro and wp-user.php, targeting WordPress websites. Disguised as legitimate tools, these malicious programs create unauthorized administrator accounts, steal data, and maintain persistent access.
Once installed, DebugMaster Pro masquerades as a professional debugging tool. It secretly creates hidden administrator accounts, exfiltrates credentials and other stolen data to a command-and-control server, and injects external scripts into compromised websites to serve malicious payloads or monitor user activity.
The second backdoor, wp-user.php, automatically creates a user with administrator privileges. It ensures persistence by recreating the account if deleted. Both backdoors use stealthy methods to avoid detection, such as removing themselves from plugin listings or revealing new admin accounts only under specific conditions.
To protect WordPress sites, owners should look out for unrecognized plugins, suspicious files, unexpected administrator accounts, and deleted accounts reappearing. After a compromise, remove malicious files, audit users, reset credentials, update software, and monitor outgoing traffic. Security researchers say that these backdoors, DebugMaster Pro and wp-user.php, were developed and deployed by malicious hackers exploiting WordPress sites for persistent control and data extraction.
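The warning signs listed above (unexpected administrators, deleted accounts reappearing, plugins on disk that the listing does not show, files with a name reported here) can be checked mechanically. The following Python is an added example, not code from the researchers; the snapshot format, the allowlist, the function names and the sample site tree are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

NAMED_FILES = {"wp-user.php"}  # file name reported in the article

def reappeared_admins(snapshots):
    """Logins present, then absent, then present again across chronological snapshots."""
    seen, gone, back = set(), set(), set()
    for admins in map(set, snapshots):
        back |= admins & gone            # deleted earlier, now back
        gone = (gone | (seen - admins)) - admins
        seen |= admins
    return sorted(back)

def unexpected_admins(current, allowlist):
    """Administrator logins that nobody approved."""
    return sorted(set(current) - set(allowlist))

def unlisted_plugins(plugins_dir, listed):
    """Plugin entries on disk that the plugin listing does not show."""
    found = []
    for entry in Path(plugins_dir).iterdir():
        if entry.name == "index.php":    # stock placeholder file
            continue
        if (entry.is_dir() or entry.suffix == ".php") and entry.stem not in listed:
            found.append(entry.name)
    return sorted(found)

def named_files(site_root):
    """Relative paths of files whose name matches NAMED_FILES."""
    root = Path(site_root)
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*") if p.name in NAMED_FILES)

def build_sample_site():
    """Constructed directory tree standing in for a WordPress install."""
    root = Path(tempfile.mkdtemp())
    plugins = root / "wp-content" / "plugins"
    for slug in ("akismet", "example-unlisted-plugin"):  # second slug is made up
        (plugins / slug).mkdir(parents=True)
    (plugins / "index.php").write_text("<?php // Silence is golden.")
    (root / "wp-user.php").write_text("<?php // empty placeholder")  # location is constructed
    return root

if __name__ == "__main__":
    site = build_sample_site()
    snaps = [{"alice", "support"}, {"alice"}, {"alice", "support"}]  # constructed
    print("reappeared:", reappeared_admins(snaps))
    print("unexpected:", unexpected_admins(snaps[-1], {"alice"}))
    print("unlisted:", unlisted_plugins(site / "wp-content/plugins", {"akismet"}))
    print("named files:", named_files(site))
```

Because both backdoors hide accounts or plugins from normal views, the administrator snapshots are most useful when exported from the database itself rather than read off the dashboard.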