Zombie Detector
·
Find every zombie installed on your site — inactive, abandoned, or outdated plugins — and clean up in one click.
The single biggest driver of hacked and slow WordPress sites isn’t one bad plugin — it’s dozens of plugins nobody remembers installing. Zombie Detector scans every plugin on your site and gives it a Risk Score based on:
- Whether it’s active or has been sitting inactive for weeks/months
- How long it’s been since the plugin was last updated on WordPress.org
- Whether it’s compatible with the WordPress version you’re currently running
- Whether it runs code on every front-end page load (bigger attack surface) or admin-only
- Whether it’s even findable on WordPress.org at all (custom/premium plugins need manual review)
You get one dashboard: sorted by risk, with plain-English reasons for every score, and a one-click ”Deactivate” action (bulk or individual). Nothing is ever deleted automatically — file deletion always happens from the standard Plugins page, on purpose.
Features
- Risk score (0-100) for every installed plugin
- Plain-English explanation of why each plugin is risky
- Tracks how long a plugin has been inactive
- Checks WordPress.org for staleness and core-version compatibility
- Dashboard widget with a quick high/medium risk count
- Bulk deactivate straight from the report
- No data leaves your site except plugin slugs sent to the public WordPress.org API (to check update dates)
