Reporting malicious hijacker plugin

  • I recently found a malicious hidden plugin on my client’s WordPress self-hosted website… I want to submit that plugin to WordPress developers to make it more secure. How and where should I submit that?

  • It’s not up to the wordpress.com or wordpress.org developers to make a third party plugin more secure. Only if that plugin is available at https://wordpress.org/plugins/ you can report it over there.

  • Hello there.

    I looked at your account at WordPress.com and couldn’t see any plugin-enabled sites, so I’m assuming this is for a site hosted elsewhere or on a company system?

    If the plugin is something that isn’t listed in the WordPress.org plugin directory, then there really is nothing that can be done. If people are downloading it from a website somewhere, then the only people you could reach out to would be the plugin makers themselves. There is no vetting possible if a plugin is distributed that way.

    If the plugin is in the plugin directory, you can contact the WordPress community. Here is an old but relevant guide to reporting plugins – https://make.wordpress.org/plugins/2015/05/04/reporting-plugin-issues/

    There is nothing stopping anyone from distributing code online, and lots of people do, but we wouldn’t recommend any plugin that hasn’t been verified in some way.

    I hope this helps.

  • The topic ‘Reporting malicious hijacker plugin’ is closed to new replies.