Emerging WordPress Threat: Undetected Malware Creating Concealed Admins, Redirects, & Hidden Plugins

WordPress sites are now targeted by stealth malware that establishes hidden admin accounts, reroutes visitors, and masks plugins.

if(isUserAdmin() && !isset($_GET['unlock'])) {
  applyHiddenStyle('sec-menu');
}

Run updated SQL checks on key options for quick detection.