Title: Plugin suddenly activated Last modified: October 5, 2024 --- # Plugin suddenly activated * Resolved [killerog](https://wordpress.org/support/users/killerog/) * (@killerog) * [1 year, 8 months ago](https://wordpress.org/support/topic/plugin-suddenly-activated/) * Hello, * Recently I had some issues with my blog that it sometimes redirected itself to a suspicious website when I visited my /wp-admin/ * To find out what’s causing this, I disabled all plugins by setting a:0:{} on the active_plugins field in my database. This was the previous weekend. * Today I logged in again (without the redirection issue) and I noticed your plugin is the only one active. * So I guess I have two questions 1. Could your plugin be the cause of a malicious redirect? 2. Why does your plugin reactive itself? There was a valid reason I deactivated it. * Thanks for any help you can supply, Rogier. Viewing 2 replies - 1 through 2 (of 2 total) * Plugin Author [Mircea Sandu](https://wordpress.org/support/users/gripgrip/) * (@gripgrip) * [1 year, 8 months ago](https://wordpress.org/support/topic/plugin-suddenly-activated/#post-18055787) * Hi [@killerog](https://wordpress.org/support/users/killerog/), * Unfortunately, from what you are describing, it sounds like your site access has been compromised and WPCode has been installed to add a malicious script on your site. * From all the cases we encountered before with this issue, the way the attackers get in is through compromised credentials so I recommend that you immediately take these steps to resolve this issue: – Immediately update passwords for all administrator accounts on your website, in all the cases we encountered so far the attackers accessed the website with compromised credentials. Please make sure that you do not use the same username/password combination on other websites.– Review the list of Administrator users and remove any users that you do not recognise– in some versions of this attack the snippet added creates a new administrator account. – Use the WPCode Safe Mode to prevent the snippet from being executed by adding ?wpcode-safe-mode=1 to your wp-admin URL, for example: [https://example.com/wp-admin?wpcode-safe-mode=1](https://example.com/wp-admin?wpcode-safe-mode=1)– Once in safe mode, go to the Code Snippets menu and delete any snippets you do not recognise. – If you did not use WPCode previously, go to wp-admin > Code Snippets > Settings > enable the option to delete all the plugin data, save and then from the Plugins page deactivate WPCode and delete the plugin. This will ensure that all the data added through WPCode is deleted. * I’m sorry you ran into this issue, unfortunately some bad actors are using WPCode once they get access to websites to add unwanted snippets and we can’t prevent that since the attack happens before WPCode is installed. * Thread Starter [killerog](https://wordpress.org/support/users/killerog/) * (@killerog) * [1 year, 8 months ago](https://wordpress.org/support/topic/plugin-suddenly-activated/#post-18055947) * Thanks for the quick reply, I’ll folow the steps you described. Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘Plugin suddenly activated’ is closed to new replies. * ![](https://ps.w.org/insert-headers-and-footers/assets/icon-256x256.png?rev=2758516) * [WPCode - Insert Headers and Footers + Custom Code Snippets - WordPress Code Manager](https://wordpress.org/plugins/insert-headers-and-footers/) * [Frequently Asked Questions](https://wordpress.org/plugins/insert-headers-and-footers/#faq) * [Support Threads](https://wordpress.org/support/plugin/insert-headers-and-footers/) * [Active Topics](https://wordpress.org/support/plugin/insert-headers-and-footers/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/insert-headers-and-footers/unresolved/) * [Reviews](https://wordpress.org/support/plugin/insert-headers-and-footers/reviews/) * 2 replies * 2 participants * Last reply from: [killerog](https://wordpress.org/support/users/killerog/) * Last activity: [1 year, 8 months ago](https://wordpress.org/support/topic/plugin-suddenly-activated/#post-18055947) * Status: resolved