Since the include statement was buried deep down into the wp-settings.php file, it was easy to miss on a casual review. Additionally, because the include itself does not follow any malware patterns, it could be missed by malware scanners.