Malicious WordPress Plugins

Plugins let you add and customize WordPress features. WordPress keeps a repository of them on its website. However, you can also install plugins that are not in that repository (i.e. not approved by WordPress). If you decide to, we urge you to be cautious: unofficial plugins are often maliciously designed and will harm your website and its visitors.

Malicious WordPress plugins can also affect your site if an attacker compromises your account. These plugins grant the attacker access to your site, which they can use to upload malicious files or tamper with your site’s existing content.

Signs You’ve Been Compromised

You can spot malicious plugins by reviewing the list of installed plugins in the WordPress admin screen.

When reviewing the list, look for anything that you did not install or did not come installed with WordPress. You may also need to use the WordPress Plugin Directory or your favorite search engine for help determining if a plugin is legitimate.

In addition to reviewing the installed plugins in the admin screen, you should also check the /wp-content/plugins/ directory within the site’s file structure. You can do this via FTP or through your hosting account’s control panel.
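One way to automate this directory check, as an added example that is not part of the original article: it flags plugin directories you did not install and directories that contain PHP but would not appear in the plugins screen. The header regex is an approximation of how WordPress recognizes a plugin, and the `expected_slugs` allowlist and all sample plugin names are assumptions constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# Approximation (assumption): WordPress lists a plugin only if a PHP file in the
# plugins root, or one level below it, has a "Plugin Name:" header in its first 8 KB.
HEADER_RE = re.compile(rb"^[ \t/*#@]*Plugin Name:[ \t]*(.+)$", re.M | re.I)

def plugin_name(php_file):
    """Return the Plugin Name header value of a PHP file, or None."""
    with open(php_file, "rb") as fh:
        match = HEADER_RE.search(fh.read(8192))
    return match.group(1).decode("utf-8", "replace").strip() if match else None

def audit_plugins(plugins_dir, expected_slugs):
    """Return [(slug, status, name)] for entries that need manual review."""
    findings = []
    for entry in sorted(Path(plugins_dir).iterdir()):
        if entry.is_dir():
            candidates = sorted(entry.glob("*.php"))
            has_php = any(entry.rglob("*.php"))
        elif entry.suffix == ".php" and entry.name != "index.php":
            candidates, has_php = [entry], True
        else:
            continue  # stock index.php placeholder or a non-PHP file
        name = next((n for n in map(plugin_name, candidates) if n), None)
        slug = entry.stem if entry.is_file() else entry.name
        if name is None and has_php:
            findings.append((slug, "not-shown-in-admin", None))
        elif name is not None and slug not in expected_slugs:
            findings.append((slug, "unexpected", name))
    return findings

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        files = {  # constructed sample tree; every plugin name here is made up
            "index.php": "<?php // Silence is golden.\n",
            "contact-form/contact-form.php": "<?php\n/*\n * Plugin Name: Contact Form\n */\n",
            "seo-helper/seo-helper.php": "<?php\n/*\n * Plugin Name: SEO Helper\n */\n",
            "cache-tmp/inc/loader.php": "<?php // constructed file without a header\n",
        }
        for rel, body in files.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(body)
        return audit_plugins(root, expected_slugs={"contact-form"})

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

On a real site, call `audit_plugins` with the path to `wp-content/plugins` and the set of plugin directory names you installed yourself.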

Malicious WordPress Plugins – Remedies

You must remove all of the malicious plugin directories.

If the malicious plugins are not listed in the plugins screen, remove the malicious plugin directory via FTP or through your hosting account’s control panel. Before deleting anything, we recommend making a backup of your website.

You should also:

  • Change your WordPress admin password.
  • Update all of your plugins to the latest version.
  • Review all content to ensure that none of it is malicious. Preferably, restore the site to a date before the compromise.
