Malicious WordPress Plugins

Plugins let you add and customize WordPress features. WordPress keeps a repository of them on its website. However, you can also install plugins that are not in that repository (i.e. not approved by WordPress). If you decide to, we urge you to be cautious: unofficial plugins are often maliciously designed and will harm your website and its visitors.

Malicious plugins can also affect your site if an attacker compromises your account. These plugins will grant the attacker access to your site, which they can use to upload malicious files or tamper with your site's existing content.

Signs You've Been Compromised

Malicious plugins can be found by reviewing the list of installed plugins in the WordPress admin screen.

When reviewing the list, look for anything that you did not install and that did not come installed with WordPress. You may also need to use the WordPress Plugin Directory or your favorite search engine for help determining if a plugin is legitimate.

In addition to reviewing the installed plugins in the admin screen, you should also check the /wp-content/plugins/ directory within the site's file structure. You can do this via FTP or through your hosting account's control panel.
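The directory check described above can be scripted against a copy of /wp-content/plugins/ downloaded over FTP. The following is an added example, not code from this article or from WordPress: the function names, the list of expected slugs and the sample plugin names are assumptions, and the header match only approximates how WordPress reads the "Plugin Name" header from the first 8 KiB of a plugin file.

```python
import re
import tempfile
from pathlib import Path

# Approximates WordPress's header lookup: first 8 KiB, a "Plugin Name:" line.
HEADER_RE = re.compile(rb"^(?:[ \t]*<\?php)?[ \t/*#@]*Plugin Name:(.*)$", re.M | re.I)

def plugin_name(php_file):
    """Return the Plugin Name header of a PHP file, or None if absent."""
    m = HEADER_RE.search(Path(php_file).read_bytes()[:8192])
    return m.group(1).strip().decode("utf-8", "replace") if m else None

def audit_plugins(plugins_dir, expected_slugs):
    """Map slug -> (status, name) for a copy of wp-content/plugins/."""
    report = {}
    for entry in sorted(Path(plugins_dir).iterdir()):
        if entry.is_dir():
            # WordPress only looks for headers in the directory's top level.
            candidates, has_php = sorted(entry.glob("*.php")), any(entry.rglob("*.php"))
            slug = entry.name
        else:
            # Single-file plugin; index.php is the stock placeholder file.
            candidates = [entry] if entry.suffix == ".php" and entry.name != "index.php" else []
            has_php, slug = bool(candidates), entry.stem
        name = next((n for n in map(plugin_name, candidates) if n), None)
        if name is None and has_php:
            report[slug] = ("hidden", None)  # never shown on the Plugins screen
        elif name is not None:
            status = "expected" if slug in expected_slugs else "unexpected"
            report[slug] = (status, name)
    return report

def build_sample(root):
    """Constructed sample tree standing in for a downloaded plugins directory."""
    files = {
        "my-gallery/my-gallery.php": "<?php\n/**\n * Plugin Name: My Gallery\n */\n",
        "seo-helper/seo-helper.php": "<?php\n/*\nPlugin Name: SEO Helper\n*/\n",
        "cache-tmp/inc/loader.php": "<?php // no header in this directory\n",
        "index.php": "<?php\n// Silence is golden.\n",
    }
    for rel, body in files.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for slug, (status, name) in audit_plugins(build_sample(tmp), {"my-gallery"}).items():
            print(f"{status:<11}{slug}  {name or ''}")
```

Entries reported as `unexpected` or `hidden` are the ones to compare against the Plugin Directory and your own install history before removing anything.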

You can find additional signs you've been compromised in "What if my website is hacked?"

Remedies

You must remove all of the malicious plugin directories.

If the malicious plugins are not listed in the plugins screen, remove the malicious plugin directory via FTP or through your hosting account's control panel. Before deleting anything, we recommend making a backup of your website.

You should also:

  • Change your WordPress admin password.
  • Update all of your plugins to the latest version.
  • Review all of your site's content to ensure that none of it is malicious, or preferably restore the site to a date before the compromise.
