Bitdefender Mobile Security Buy India, Bitdefender Premium Security

Hidden WordPress Backdoors Found Creating Admin Accounts

Posted on October 1, 2025October 7, 2025 by Bitdefender

Bitdefender Gravityzone

Security researchers have uncovered two backdoors planted on compromised WordPress websites that were ultimately designed to generate administrator accounts. The intrusion also helped attackers maintain long-term access even after the web admins tried to clean up, Sucuri researchers explained.

Disguised as Legitimate Files

The first backdoor, *DebugMaster Pro*, sounds like a professional debugging tool. However, its code is built to create hidden administrator users with hardcoded credentials that will also secretly transmit stolen data to a command-and-control server.

It also uses various methods to avoid detection. For example, the plugin removed itself from WordPress plugin listings, and only if the web administrator used filters could they reveal the new admin account.

The second threat, *wp-user.php*, looked simpler – but appearances are deceiving. Its script could automatically create a user with administrator privileges. If the site owner deletes the newly created account, the backdoor immediately recreates it on the next execution.

How the Backdoors Operated

Once the backdoors were in place, the fake plugin generated new administrator accounts and exfiltrated credentials, including usernames, passwords, and the servers’ IP addresses. This data was encoded in JSON, obfuscated with base64, and sent to an external command and control server.

Additionally, the malware injected external scripts into compromised websites. These scripts were loaded for all visitors, with the exception of administrators or whitelisted IPs, which allowed attackers to serve malicious payloads or monitor user activity.

On the other hand, *wp-user.php* ensured persistence by enforcing the presence of a specific administrator account. Even if administrators changed the password or deleted the account, the script restored it.

Signs of Compromise

WordPress site owners need to look out for:

Unrecognized plugins or suspicious files such as DebugMaster.php or wp-user.php.
Unexpected administrator accounts.
Deleted accounts reappearing after removal.

Recommended Protection

To recover from this type of compromise, security researchers advise the following:

Remove malicious files: Delete DebugMaster and wp-user.php.
Audit users: Remove the hardcoded “help” administrator account and other suspicious entries.
Reset credentials: Change all WordPress, FTP, hosting, and database passwords.
Update software: Patch WordPress, plugins, and themes to the latest versions.
Monitor outgoing traffic: Track server logs for connections to unknown domains.

Bitdefender: Trusted Cyber Security for Every Device, Every Business

Bitdefender is the best and most reliable Business Cybersecurity Software for your organization at great price! Buy Bitdefender Antivirus Plus, Internet Security, Total Security, Mobile Security, Premium Security Software For Home Users.

For SMB & Enterprise Solutions, Order GravityZone Business Security, Business Security Premium, Business Security Enterprise, Email Security & Patch Management Business Cybersecurity Softwares in India at great discounted prices.

Bitdefender offers a comprehensive range of Cybersecurity software solutions for individuals and businesses, protecting your devices from online threats like malware, ransomware, and phishing attacks.Their product lineup includes Bitdefender Antivirus Plus, Internet Security, Total Security, Mobile Security, Family Pack and Premium Security each tailored to meet specific security needs. Whether you're a home user seeking essential protection or a business requiring advanced endpoint security, Bitdefender has a solution to keep you safe online.

Bitdefender’s Total Security offers top-level protection for all your digital needs. This Premium Cyber Security solution includes advanced Internet Security to guard against online threats and comprehensive Mobile Security for Android and iOS devices. It ensures your digital life is secure with robust protection for safe browsing and data security across all platforms. With this pack, you can enjoy peace of mind knowing that your Mobile Security is safeguarded with the highest level of protection. Fortify your digital world with Antivirus Plus, Antivirus for Mac, Compare Solutions, Trial Downloads, and Bitdefender Password Manager all in one powerhouse lineup.