What a Fake Plugin Attack Looks Like on a WordPress Site (Real Case Study)

by Jason 07 July, 2025

What Does a Fake Plugin Attack Look Like on WordPress?

We recently cleaned up a compromised WordPress site for a charity — and the attack had all the hallmarks of a classic “fake plugin” exploit.

Here’s what we found under the hood:

A fake plugin named “LiteSpeed Cacher” — looked legit, but was pure malware
Hidden PHP files scattered across /uploads/ and inside plugin folders
News posts injected with gambling links
A rogue admin account called adminbackup
A remote file manager plugin quietly installed during working hours

Once we dug into the logs, it became clear: the attacker had accessed the site using a compromised admin login. With that level of access, they were free to post content, upload malicious files, and install whatever they liked.

Red Flags: What to Watch For

If you manage or maintain a WordPress site, watch for these warning signs:

Plugins you don’t remember installing
Author names you don’t recognise
Strange outbound links (especially in older posts)
New WordPress users you didn’t add
Slow performance or weird behaviour in the admin area

How We Responded

We got the site locked back down quickly:

Removed all rogue files and fake plugins
Deleted suspicious user accounts
Locked down file editing
Added real-time monitoring and alerts
Educated the client on account security and 2FA

Key takeaway: If someone’s not actively watching the back end of your WordPress site, your security risk compounds every day.

🚨 Security Is Now Front and Centre in All JMJ Care Plans

We’ve just rolled out revised WordPress Care Plans to boost security across the board. Every plan now includes:

✅ Automatic Plugin Security Protection
Powered by Malcare, this alerts us instantly if one of your plugins is vulnerable.
🛡️ One-Click Malware Removal (VIP Plans)
VIP clients now get access to instant malware removal— no waiting, no big manual clean-up bills.

We’ve baked in more security without raising prices — because prevention is always cheaper than cure.

Want to Sleep Better at Night?

If your site matters — to your customers, to your cause, or to your bottom line — don’t leave it wide open. Get proactive protection and expert eyes on it.

Check out our WordPress Maintenance Packages or get in touch if you’ve seen something sketchy on your site — we’re happy to take a look.

From Concept to Launch: The Process Behind Our Website Development

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.