Title: Plugin installed by hacker Last modified: September 2, 2024 --- # Plugin installed by hacker * [pat1701](https://wordpress.org/support/users/pat1701/) * (@pat1701) * [1 year, 8 months ago](https://wordpress.org/support/topic/plugin-installed-by-hacker/) * For a few months now, the Hello Dolly plugin has been installed on websites without any registered user having done so. As a result, the website has been infected. We had to restore several of them, and after a few days the plugin comes back. Where is this coming from? Through a WordPress update?How can I solve this? Viewing 2 replies - 1 through 2 (of 2 total) * Plugin Author [Dion Hulse](https://wordpress.org/support/users/dd32/) * (@dd32) * Meta Developer * [1 year, 8 months ago](https://wordpress.org/support/topic/plugin-installed-by-hacker/#post-17990728) * Hi [@pat1701](https://wordpress.org/support/users/pat1701/), * There’s two potentials here: 1. Whatever you use for WordPress updates is re-installing the plugin. 2. A malicious plugin is being installed and pretending to be Hello Dolly. * Because WordPress includes Hello Dolly by default, some WP management tools do automatically re-install it, however, WordPress itself does not re-install it if you remove it. * Because it’s included by default in WordPress, many malicious actors may install a malicious plugin and set it’s name to Hello Dolly to disguise it on your site. In other words, the plugin you see installed may not actually be Hello Dolly. * If you’re finding the plugin constantly re-installed, and there’s a chance that it may not be the Hello Dolly plugin, you should treat your site as infected by malware / hacked and run through the appropriate steps. Simply removing the plugin is unlikely to remove the infection, nor would it remove the way that they’ve got control over the website. * The below article may help with direction on scanning and cleaning up any infection. * > [FAQ My site was hacked](https://wordpress.org/documentation/article/faq-my-site-was-hacked/) * Thread Starter [pat1701](https://wordpress.org/support/users/pat1701/) * (@pat1701) * [1 year, 8 months ago](https://wordpress.org/support/topic/plugin-installed-by-hacker/#post-17991683) * Hi, Dion Hulse, thanks for your reply. I’ll read the article and follow the instructions. The next time I see the plugin installed on my site, I’ll check if there’s a link to the plugin page – if there isn’t, it’s fake!I’ll report any news here. I sent here a message because I thought it was important for you to know what’s going on.One site even had 2 Hello Dollys installed! I’ve never seen that!Have a nice week. Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘Plugin installed by hacker’ is closed to new replies. * ![](https://ps.w.org/hello-dolly/assets/icon-256x256.jpg?rev=2052855) * [Hello Dolly](https://wordpress.org/plugins/hello-dolly/) * [Support Threads](https://wordpress.org/support/plugin/hello-dolly/) * [Active Topics](https://wordpress.org/support/plugin/hello-dolly/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/hello-dolly/unresolved/) * [Reviews](https://wordpress.org/support/plugin/hello-dolly/reviews/) * 2 replies * 2 participants * Last reply from: [pat1701](https://wordpress.org/support/users/pat1701/) * Last activity: [1 year, 8 months ago](https://wordpress.org/support/topic/plugin-installed-by-hacker/#post-17991683) * Status: not resolved