WordPress hidden cookie (wp_cookie)


We found very old and hidden WordPress cookie, which named wp_cookie. This allows an attacker to run anything on the compromised user website with user permissions.


This is a very clever attack method that allows arbitrary commands to run on a server with ignoring any server security software, just like normal PHP code.

Also, this have been a very long time hidden, we found that the timestamp on files is 2014: then.

That’s why we don’t publish source code, but we recommended scan server, PHP files our ClamAV Signatures to detect this malware and clean up.

Final words

Use Malware Expert – Signatures detect this malware from files for FREE!

Websites that using Malware Expert – ModSecurity rules are protected against this attacks.