Reviewed a WordPress Site for Suspicious Plugin-Like Files

Quick summary

A WordPress security note about reviewing a compromised-looking site from dashboard access only and outlining the deeper cleanup path.

The problem

The initial access was limited to wp-admin, but suspicious files and theme compromise indicators still needed to be reviewed and documented.

What I checked

  • Available WordPress admin access
  • Backup plugin export options
  • Security scan results
  • Suspicious plugin-like files with misleading names
  • Active theme compromise indicators

What I changed

  • Downloaded the available backup for offline review
  • Started security scanning from the dashboard
  • Identified suspicious injected files using misleading names
  • Reviewed active theme compromise indicators
  • Outlined the clean-file replacement path for core, themes, plugins, permissions, database, and users
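
One way to triage the downloaded backup offline for plugin-like files, as an added example that is not part of the original review. It assumes the backup is extracted to a folder containing wp-content; the sample tree and every file name in it are constructed and hypothetical.

```python
import re
import tempfile
from pathlib import Path

# WordPress reads plugin headers from the first 8 KB of a file; a file with no
# "Plugin Name:" header is not listed on the dashboard Plugins screen.
HEADER_RE = re.compile(rb"^(?:[ \t]*<\?php)?[ \t/*#@]*Plugin Name:[ \t]*\S", re.I | re.M)
PHP_EXT = {".php", ".phtml", ".phar"}

def has_plugin_header(path):
    with open(path, "rb") as fh:
        return bool(HEADER_RE.search(fh.read(8192)))

def review_backup(root):
    """Return sorted (relative_path, reason) findings for an extracted backup."""
    root, findings = Path(root), []
    plugins = root / "wp-content" / "plugins"
    for entry in plugins.iterdir() if plugins.is_dir() else []:
        rel = entry.relative_to(root).as_posix()
        if entry.is_dir():
            if not any(has_plugin_header(p) for p in entry.glob("*.php")):
                findings.append((rel, "plugin directory with no plugin header"))
        elif entry.suffix.lower() == ".php" and entry.name != "index.php":
            if not has_plugin_header(entry):
                findings.append((rel, "loose PHP file with no plugin header"))
    for p in (root / "wp-content" / "uploads").rglob("*"):
        if p.is_file() and p.suffix.lower() in PHP_EXT:
            findings.append((p.relative_to(root).as_posix(), "PHP file under uploads"))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree; every file name here is hypothetical."""
    sample = {
        "plugins/index.php": b"<?php // Silence is golden.\n",
        "plugins/contact-helper/contact-helper.php": b"<?php\n/* Plugin Name: Contact Helper */\n",
        "plugins/wp-cache-core/loader.php": b"<?php // no header\n",
        "plugins/class-wp-update.php": b"<?php // no header\n",
        "uploads/2024/05/photo.jpg": b"\xff\xd8\xff",
        "uploads/2024/05/thumb.php": b"<?php // placeholder\n",
    }
    for rel, data in sample.items():
        path = Path(root, "wp-content", rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, reason in review_backup(tmp):
            print(f"{reason}: {rel}")
```

A plugin header is easy to forge, so a directory that passes this check is not cleared by it; comparison against clean core, theme, and plugin copies is still needed.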

Result

The review established the likely compromise pattern and made clear which cleanup work required FTP or full filesystem access.

What I'd watch next

  • Whether full filesystem access is provided
  • Whether clean core, theme, and plugin copies can replace modified files
  • Whether user access and database records are reviewed after file cleanup

Tools used

  • WordPress
  • WPVivid
  • Wordfence
  • Security review
