Hackers Exploit WordPress mu-plugins Directory to Hide Malicious Code

Hackers are exploiting the "mu-plugins" directory of WordPress sites to hide malicious code, aiming to maintain persistent remote access and redirect visitors to fraudulent sites. Mu-plugins, or must-use plugins, are plugins located in a special directory ("wp-content/mu-plugins") that are automatically executed by WordPress without requiring explicit activation. This method allows attackers to inject spam and hijack the site's images.