Malicious Actors Exploit WordPress mu-plugins Directory to Deploy Malware

In February, researchers from Sucuri discovered that malicious actors were using the mu-plugins directory of WordPress to deploy malware and bypass security checks. Unlike regular plugins, must-use plugins automatically load with each page load, allowing attackers to maintain persistence and avoid detection by hiding backdoors in this directory.