Nulled scripts almost always include (often named shell.php , up.php , or wp-admin.php ). These allow the hacker who nulled the script to:
In the context of this means: