WPNEWS team 
By default, WordPress makes certain directories writeable so that you and other authorized users on your website can easily upload themes, plugins, images, and videos to your website.
However this capability can be abused if it gets in the wrong hand such as hackers who can use it to upload backdoor access files or malware to your website.
These malicious files are often disguised as core WordPress files. They are mostly written in PHP and can run in the background to gain full access to every aspect of your website.
