WordPress Super Socialat backdoor plugin
Description
The Super Socialat backdoor is a malicious WordPress plugin installed by attackers after compromising a website to maintain persistent unauthorized access. This fake plugin masquerades as legitimate functionality but contains code designed to execute arbitrary PHP commands remotely. The backdoor file is typically located at /wp-content/plugins/super-socialat/super_socialat.php and should not be confused with the legitimate "Super Socializer" plugin.
Remediation
Immediately remove the malicious Super Socialat plugin and verify the integrity of your WordPress installation:
1. Delete the entire plugin directory: /wp-content/plugins/super-socialat/
2. Search for any references to this plugin in the WordPress database, particularly in the wp_options table (look for entries containing "super_socialat" or "super-socialat")
3. Review all WordPress administrator accounts and remove any unauthorized users
4. Change all passwords, including WordPress admin accounts, database credentials, and FTP/SSH access
5. Scan the entire WordPress installation for additional malware or backdoors using security plugins or manual file integrity checks
6. Review web server access logs to identify the initial compromise vector and any attacker activity
7. Update WordPress core, all themes, and all legitimate plugins to their latest versions
8. Consider restoring from a clean backup taken before the compromise occurred
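
The checks in steps 1, 2 and 6 can be scripted. The following is an added example, not part of the original advisory: the function names, the use of a database export for step 2, the combined access log format and all sample data are assumptions, and the fixture is constructed so the script runs offline.

```bash
#!/usr/bin/env bash
# Added example: triage checks for the Super Socialat backdoor (steps 1, 2 and 6).
# Function names and all sample data below are constructed for illustration.

# Step 1: print the plugin directory if it exists under a WordPress root.
find_socialat_dir() {
    local dir="$1/wp-content/plugins/super-socialat"
    [ -d "$dir" ] && printf '%s\n' "$dir"
}

# Step 2: count lines in a database export that mention the plugin
# (matches "super_socialat" and "super-socialat", case-insensitive).
count_db_refs() {
    grep -ciE 'super[_-]socialat' "$1" || true
}

# Step 6: for requests to the plugin path in a combined-format access log,
# print "client_ip method status hit_count".
socialat_log_hits() {
    awk '$7 ~ /\/wp-content\/plugins\/super-socialat\// {
             gsub(/"/, "", $6); print $1, $6, $9
         }' "$1" | sort | uniq -c | awk '{print $2, $3, $4, $1}'
}

# Constructed fixture: one infected tree, one clean tree, a dump and a log.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/wp/wp-content/plugins/super-socialat" "$demo/clean/wp-content/plugins"
: > "$demo/wp/wp-content/plugins/super-socialat/super_socialat.php"
cat > "$demo/dump.sql" <<'EOF'
INSERT INTO wp_options VALUES (1,'siteurl','https://example.test','yes');
INSERT INTO wp_options VALUES (2,'active_plugins','a:1:{i:0;s:33:"super-socialat/super_socialat.php";}','yes');
EOF
cat > "$demo/access.log" <<'EOF'
203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "POST /wp-content/plugins/super-socialat/super_socialat.php HTTP/1.1" 200 12 "-" "-"
203.0.113.7 - - [10/Mar/2024:12:00:09 +0000] "POST /wp-content/plugins/super-socialat/super_socialat.php HTTP/1.1" 200 40 "-" "-"
198.51.100.4 - - [10/Mar/2024:12:01:00 +0000] "GET /wp-login.php HTTP/1.1" 200 900 "-" "-"
EOF

find_socialat_dir "$demo/wp" || echo "plugin directory not found"
echo "database lines referencing the plugin: $(count_db_refs "$demo/dump.sql")"
socialat_log_hits "$demo/access.log"
```

On a real site, pass the functions the WordPress document root, a database export and the web server's access log in place of the fixture paths.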