This entry was Originally posted on wordfence.com in General Security, WordPress Security on February 2, 2016 by mark
  At Wordfence we frequently investigate hacked customer websites as part of an ongoing R&D effort to improve our core scanning engine. Examining hacked sites gives us data on how the attackers gained entry and provides us with visibility on the latest attack tools. It also provides us with signatures we can add to our core scanning engine that improves our ability to detect a hack. During a recent investigation of a very large infection we found a trove of attack tools that all pointed back to a single “meta” script. This script was only two lines long but provided an attacker with a powerful capability. Once it fully...