Only use this code for pentesting systems you're authorized to touch. Or I will be seriously grumpy in your general direction.
Add new administrator user
Exfiltrate wordpress site content export
Wordpress plugin installation
Automatically hide the malicous plugin after it's installed
Upload PHP meterpreter shell and execute
Disable WordFence? (work in progress)
Pop proper meterpreter shell (really, no one likes PHP meterpreter shells)?