Home Guides Glossary

Malicious WordPress Plugins

Plugins let you add and customize WordPress' features. WordPress keeps a repository of them available on their website here. However, you can also install plugins not on that list (i.e. not approved by WordPress). If you decide to, though, we urge you to be cautious — unofficial plugins are often maliciously designed and will harm your website and its visitors.

Malicious plugins can also affect your Website if an attacker compromises your account. These plugins will grant the attacker access to your Website, which they can use to upload malicious files or tamper with your Website's existing content.

Signs You've Been Compromised

Malicious plugins can be found by reviewing the list of installed plugins in the WordPress admin screen (more info).

When reviewing the list, look for anything that you did not install or did not come installed with WordPress. You may also need to use the WordPress Plugin Directory (more info) or your favorite search engine for help determining if a plugin is legitimate.

In addition to reviewing the installed plugins in the admin screen, you should also check the /wp-content/plugins/ directory within the Website's file structure. You can do this via FTP (more info) or through your hosting account's control panel (more info).

  • You can find additional signs you've been compromised in What if my website is hacked?.

  • Remedies

    You must remove all of the malicious plugin directories (more info).

    If the malicious plugins are not listed in the plugins screen, remove the malicious plugin directory via FTP (more info) or through your hosting account's control panel (more info). Before deleting anything, we recommend making a backup of your website (more info).

    You should also:

    • Change your WordPress admin password (more info).
    • Update all of your plugins to the latest version (more info).
    • Review all content to ensure that it does not contain any malicious content, or preferably restore to a date previous to the compromise.

    Domain Registration

    Pay less for website domain names. Register your own .com, .net or .org for as low as $10.18 per year. We have everything you need to get online with your new domain.

    Website Builder

    Build an amazing website in just under an hour with Website Builder. Take advantage of designs created just for your industry and then customize them to reflect your one-of-a-kind idea.

    Website Security

    Protect your website and keep customers safe. Your comprehensive Website Security solution. Get peace of mind by securing your websites. We fix hacks to help prevent attacks.

    cPanel Hosting

    Everything needed to give your website the high-performance home it deserves.  Protect transactions and secure your customer's data with a SSL Certificate
    Copyright © 2005 - 2023.  All rights reserved.  Privacy Policy