WordPress Redirect Plugin Found With Hidden Backdoor for Years

A popular WordPress redirect plugin was found to contain a hidden backdoor. This issue remained undetected for years. As a result, many websites could be at risk. The plugin is widely used to manage URL redirects, so the impact could be significant.

At first, the backdoor stayed inactive. Because of this, it was hard to detect during normal checks. However, attackers could trigger it remotely. They only needed to send specially crafted requests. Once active, the attacker could run commands, inject malicious content, or redirect users without permission.

This created serious risks for website owners. Attackers could gain admin access without authorization. They could also redirect users to phishing pages. In some cases, they could take full control of the website. Because the backdoor worked silently, many users did not notice anything unusual.

Therefore, administrators should act quickly. First, review all installed plugins. Then, remove or update anything suspicious. Next, run a full security scan. After that, change all credentials, including admin passwords and database access. Finally, monitor website traffic for unusual activity.
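
One way to carry out the traffic-monitoring step on a site that uses a redirect plugin, shown as an added example that is not from the article or the plugin: compare the redirects the server actually sent with the ones the administrator configured. The log format (a combined-style line with the response Location header appended), the host names and the `audit_redirects` helper are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumed log format (not from the article): combined-style fields followed by
# the response Location header in quotes, e.g. nginx "$sent_http_location".
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<location>[^"]*)"'
)

# Constructed sample lines (documentation IPs and example domains only).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /old-page HTTP/1.1" 301 0 "/new-page"',
    '203.0.113.8 - - [01/Jan/2025:10:00:05 +0000] "GET /promo HTTP/1.1" 302 0 "https://shop.example.net/sale"',
    '198.51.100.4 - - [01/Jan/2025:10:00:09 +0000] "GET /blog/post-1?ref=search HTTP/1.1" 302 0 "https://login-check.example.org/verify"',
    '203.0.113.9 - - [01/Jan/2025:10:00:12 +0000] "GET /style.css HTTP/1.1" 304 0 "-"',
    '203.0.113.9 - - [01/Jan/2025:10:00:13 +0000] "GET / HTTP/1.1" 200 5120 "-"',
]

def audit_redirects(lines, site_host, allowed_hosts, configured):
    """Return 3xx responses that send visitors off-site without a matching rule.

    configured maps a source path to the target the admin set in the plugin;
    allowed_hosts are external hosts the site is expected to redirect to.
    """
    findings = []
    for number, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m or not m["status"].startswith("3"):
            continue
        location = m["location"]
        if location in ("", "-"):          # e.g. 304 Not Modified
            continue
        path = urlsplit(m["path"]).path    # ignore the query string
        if configured.get(path) == location:
            continue                       # a redirect the admin created
        # Relative targets have no host and therefore stay on the site.
        target = (urlsplit(location).hostname or site_host).lower()
        if target == site_host or target in allowed_hosts:
            continue
        findings.append({"line": number, "client": m["ip"],
                         "path": path, "location": location})
    return findings

if __name__ == "__main__":
    for finding in audit_redirects(SAMPLE, "www.example.com",
                                   {"shop.example.net"},
                                   {"/old-page": "/new-page"}):
        print(finding)
```

Any finding is a redirect nobody configured and is worth tracing back to the plugin or theme that produced it.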

Overall, this case shows a growing risk in the WordPress ecosystem. Supply chain attacks are becoming more common. Even trusted plugins can become dangerous over time. For this reason, users should install plugins carefully and keep everything updated.




Source: https://www.bleepingcomputer.com/news/security/popular-wordpress-redirect-plugin-hid-dormant-backdoor-for-years/