Hacked WordPress sites are being defended by their attackers

Threat actors are password protecting the exploitable PHP file on compromised WordPress sites to fend off other attackers.