Cybersecurity researchers at GoDaddy-owned Sucuri have warned that an old plugin called Eval PHP, last updated a decade ago, is being used to hack WordPress websites. The plugin, which creates a backdoor and can mask its activities as cookies has been described as “dangerous.”

The advice is to:

– Keep your website patched and up to date with the latest security releases.

– Protect the admin panel behind 2FA or some another access restriction.

– Regularly backup the website.

– Use a web application firewall to block any bad bots and to virtually patch any known vulnerabilities.