If you’re running a WordPress website, make sure that you are managing your plugins well.
The only plugins you should have active are the ones you need. Anything that’s not active should be deleted. If you do this, your website will run smoother. You also lessen your risk of being compromised simply because there are less folders to hide malicious scripts in.
We recently came across a WordPress website that had a caching plugin deactivated but it was still actually running. It was doing some caching and, at first, we couldn’t figure out what was going on. We then dug in and saw that cache files being generated and realized what was happening. We were able to clean up the files, delete the plugins and then everything ran as it should. So, the moral of that story is that you never really know if a deactivated plugin is really deactivated.
If you’d like help or an evaluation of your WordPress website, we’re here to help!