Wordfence has issued a PSA warning about a phishing campaign targeting users of WordPress, which includes a malicious backdoor that allows attackers to gain full control of the WordPress site and access to a hidden administrator user.

Click for details.