Hackers Use Fake WordPress Plugin to Maintain Full Site Control - 1

Image by Souvik Banerjee, from Unsplash

Hackers Use Fake WordPress Plugin to Maintain Full Site Control

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

Researchers have found hackers exploiting WordPress sites through concealed backdoors, gaining full control, even when site owners try to remove them.

In a rush? Here are the quick facts:

  • A fake plugin named DebugMaster Pro secretly created admin accounts.
  • The malware sent stolen login details to a hacker-controlled server.
  • Malicious scripts were injected into sites, also logging admin IP addresses.

A recent investigation by Sucuri found that two files with malicious content were disguised as normal WordPress system components. One was a fake plugin called “DebugMaster Pro” (./wp-content/plugins/DebugMaster/DebugMaster.php). The other pretended to be a core file (./wp-user.php).

Both were designed to make sure attackers always had an administrator account on the site. The DebugMaster file contained advanced code as it created a secret admin user account. DebugMaster also remained invisible to plugin lists while sending stolen login information to a remote server.

As the report explained: “This snippet forces WordPress to create a new user named help with the role of administrator. If the user already exists, the script ensures it has administrator privileges restored.”

The stolen details, including username and password, were encoded and sent to a hacker-controlled website. The malware performed harmful scripts on the website during its operation to locate the IP addresses of website administrators.

The wp-user.php file presented a straightforward yet concerning situation. The system maintained an admin account named “help” which used a fixed password. Even if a site owner deleted this account, the file would instantly recreate it.

The researchers explained that warning signs of this infection include strange files like ‘DebugMaster.php’ or ‘wp-user.php,’ new or hidden administrator accounts, and deleted accounts coming back.

The solution to this problem involves removing harmful files, and suspicious accounts. Users are also advised to reset all passwords and update WordPress, plugins, and check server logs for unusual connections.

Researchers said the two files “created a resilient foothold on the website,” meaning attackers could easily return unless the site was fully cleaned and secured.

OpenAI Launches ChatGPT Pulse, A Tool That Generates Personalized Morning Updates - 2

Photo by Shane on Unsplash

OpenAI Launches ChatGPT Pulse, A Tool That Generates Personalized Morning Updates

  • Written by Andrea Miliani Former Tech News Expert
  • Fact-Checked by Sarah Frazier Former Content Manager

In a rush? Here are the quick facts:

  • OpenAI launched ChatGPT Pulse, a new feature that provides personalized updates for Pro users every morning.
  • The new AI tool can connect to other apps, such as Gmail and Google Calendar, to share relevant updates and reminders for customers.
  • Users can adjust and enhance the feed by letting the chatbot know what they consider relevant or irrelevant.

According to OpenAI’s announcement , ChatGPT Pulse will consider users’ information like chats, connected apps such as Gmail and Google Calendar, and feedback from interactions to generate a curated feed of interactive updates in a specially designed interface.

Now in preview: ChatGPT Pulse This is a new experience where ChatGPT can proactively deliver personalized daily updates from your chats, feedback, and connected apps like your calendar. Rolling out to Pro users on mobile today. pic.twitter.com/tWqdUIjNn3 — OpenAI (@OpenAI) September 25, 2025

“Today we’re releasing a preview of ChatGPT Pulse to Pro users on mobile,” wrote OpenAI. “The research appears in Pulse as topical visual cards you can scan quickly or open for more detail, so each day starts with a new, focused set of updates.”

Users can make adjustments by letting ChatGPT Pulse know what they consider useful or irrelevant. The feature also considers the customer’s conversations and data from the apps linked—the integration is off by default and must be activated. It focuses on the users’ interests and upcoming events, offering suggestions such as healthy dinner ideas, reminders for meetings, or training advice for goals like completing a triathlon.

The app can also function as a personal assistant, sending reminders to buy a birthday gift or providing restaurant recommendations for an upcoming trip.

“Every morning, ChatGPT delivers a curated set of the most relevant updates, giving you the information you need so you can get back to what matters most,” added ChatGPT. “Each update is available for that day only unless you save it as a chat or ask a follow-up question, which adds it to your conversation history.”

OpenAI has introduced other features for ChatGPT in the past few months. In April, the company announced an update for its Memory feature , allowing the chatbot to improve its memory processing to provide more personalized experiences. In May, the startup launched Codex , a special feature for software developers. And in July, OpenAI rolled out Study Mode, a tool designed to improve learning processes.