How to stop WordPress plugins disappearing from the administration page

This article discusses why WordPress plugins may disappear from the administration page, and what to do about it.

Table of Contents

Problem

You install, update, or delete a WordPress plugin, and then some or all of your plugins disappear from the administration page.

Cause

If this problem occurs, your WordPress site has probably been compromised. However, this does not necessarily mean that a new plugin is the cause of the compromise. Whenever you modify a plugin, WordPress performs a basic check on all installed plugins, and removes any of them that have code injected above their metadata.

Many exploits for WordPress plugins and themes take advantage of the fact that WordPress executes the code present in the main file of each active plugin. If a site is compromised and code is injected into a plugin's main file, it executes and very often injects code into any other PHP files it can find. When these infected files are executed, they also seek other files to compromise. Very quickly, every PHP file on a site can have several new lines of code for any number of malicious reasons.

Many code injection-related compromises use WordPress to send spam, advertise a hacker group, or even perform a Distributed Denial of Service (DDoS) attack. The malicious code is executed at least once on every site page view, which means the hack performs its task at least once per site visit. So if the purpose of the hack is to send spam from your account (for example), e-mail messages are sent out from your site every time a user visits a page.

The fact that WordPress removes files that have missing metadata is not a security feature; if it were, WordPress would perform this check periodically and produce a useful warning to inform you of what happened. Instead, this is just a byproduct of WordPress requiring a specific set of data in a comment at the beginning of each plugin. This metadata contains the plugin name, plugin version information, a brief description of the plugin, links to the plugin homepage, and authorship information.

Resolution

To resolve this problem, follow the procedures described in the Cleaning up after a hack section of this article.

 

Get WordPress Hosting

Article Details

Other Articles in This Category

Show More

Did you find this article helpful? Then you'll love our support. Experience the A2 Hosting difference today and get a pre-secured, pre-optimized website. Check out our web hosting plans today.

We use cookies to personalize the website for you and to analyze the use of our website. You consent to this by clicking on "I consent" or by continuing your use of this website. Further information about cookies can be found in our Privacy Policy.