Description
After a WordPress website is compromised, some attackers install a fake backdoor WordPress plugin to maintain access to the compromised website. This plugin is called Super Socialat and can be used to execute arbitrary PHP code.
The backdoor is present in the file /wp-content/plugins/super-socialat/super_socialat.php.
Remediation
Remove the Super Socialat backdoor plugin by deleting the file /wp-content/plugins/super-socialat/super_socialat.php.