Hackers may install malicious plugins (wp-cleansong, wp-cache, optimize-core, system.php, etc.) once they have successfully infiltrated a WordPress site. This section describes how to deal with the installation of such unauthorized plug-ins.
Rogue plug-ins introduced by hackers
Once hackers have successfully infiltrated a WordPress site, they may install a type of malicious program called a backdoor in the server to facilitate various subsequent unauthorized activities on the server, such as tampering or sending spam emails.
This backdoor may take the form of a plugin that runs on WordPress and may be installed and activated unknowingly.
There are also attacks that use a legitimate PHP-running plugin plus malicious code to write to the database.
Reference WPCode – Malware embedded in database via Insert Headers and Footers plugin
How to tell if a plugin is malicious
Malicious plug-ins may masquerade as security plug-ins, update plug-ins, etc., in order to appear harmless.
If you see a suspicious plugin in the list of plugins in the WordPress administration screen, you can use the following methods to identify the plugin to some extent.
1 Plug-in does not exist on the official WordPress website
WordPress plug-ins are listed on the official WordPress website according to the following rules.
https://wordpress.org/plugins/"Slug"/
*Slug is the name of the plugin folder in wp-content/plugins.
If a plugin is not listed as an official plugin and you do not remember installing it, it may be a rogue plugin installed by a hacker.
2 Code is obfuscated
Hackers often obfuscate the code to hide the original function of the malicious code.
If you download and open the code of a plugin using FTP software and find obfuscated code such as the following, it may be a malicious plugin installed by a hacker.
3 There is a file in the plugin folder that is judged as malicious code by the malware scan.
Free WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal]
If there are files in the plugin folder that are detected as malware by malware scanning plugins such as [Free] WordPress:Malware Scanning & Security Plugins [Malware & Virus Detection & Removal], there is a high possibility that the plugin is a malicious one installed by hackers.
How to deal with rogue plug-ins
If you are certain that a hacker has introduced a malicious plugin, stop and remove the plugin.
If the hacker was able to install a malicious plugin, it means that he/she is able to log in to the administration screen, so it may be necessary to take other security measures.
If the hacker was able to install other malicious files, it means that the hacker has been able to log in to the administration screen, so we will need to take other security measures.
Check for unauthorized user registration.
Countermeasures against vulnerabilities that allowed hackers to enter the server.
Reference 5 free WordPress security measures
This page prohibits the use, quotation, or summarization of any page, in whole or in part, by the Generated AI. However, if the following conditions are met, the specification of content using generated AI is permitted.
1. it is not for the purpose of learning by the generated AI. 2. only the summary or title of the page content at a level that does not lead to the solution of the user’s problem is shown to the user. 3. in the case of 2, a link to this content is shown to lead the user to this page.
