How to Identify a Rogue WordPress Plugin

WordPress. You have to love it with its neverending supply of plugins that can make your site do just about anything you want, along with WordPress’ constant updates that can make those plugins suddenly do absolutely nothing (or worse). The simple fact is that if you rely heavily on WordPress plugins for your site or blog, you’ll likely come across a rogue plugin at one time or another — one that doesn’t just stop working but manages to royally screw up your site in the process. What joy.

This might be a result of a plugin author failing to update their plugin to work with the latest version of WordPress. It might just be the result of your own failure to update that plugin. Or sometimes plugins simply aren’t compatible with others on your site, and an installation or upgrade can make the whole thing seem completely wonky.

If you’re new to WordPress and plugins, maybe you’re dealing with these kinds of issues for the first time. If so, here are some tips to help you identify and nab the culprit and get rid of, fix, or replace that rogue WordPress plugin.

Step One: Note Important Settings

In most cases (at least of what I’ve personally seen) deactivating a plugin doesn’t completely reset any manual choices you made in the plugin’s settings. But it could happen. So start by jotting down notes about important settings in case you need to replicate them later.

Step Two: Disable Plugins One by One

Fortunately the testing to find a rogue WordPress plugin is fairly simple. Just visit the plugins list in your WordPress admin interface and click the deactivate link near a plugin. That stops your site from using that plugin without actually deleting it from your server. Check your website or blog again. If it’s now working properly, you’ve identified the problem plugin and you can move on to the next step. If not, deactivate another plugin. Keep doing this until you find the plugin causing the problems (where your site will work upon its deactivation). Don’t forget to activate your working plugins again when you finish this step.

deactivate wordpress plugin
Deactivate WordPress Plugins

Step Three: Remove, Repair, Replace

You have a few options once you’ve found your rogue WordPress plugin. You can simply delete it if it wasn’t vital to your site. You can also check for updates to the plugin. If the plugin author hasn’t released an update yet, check their website to see if there’s a fix in the works to make it compatible with your version of WordPress before scrapping it for good. Or you can search the WordPress plugin database and see if there are other plugins available that will offer you the same functionality. If so, install one and test it out — make sure it works properly and doesn’t cause similar problems, or continue looking for other options.

find wordpress plugins
Find Alternative Plugins in Your WordPress Admin Interface

Easy peasy, right? While rogue WordPress plugins can be a royal pain when they lead to sudden blog malfunctions, fortunately the solution is a simple three-step process. If you’re facing plugin problems of your own, best of luck in tracking down the culprit!

Written by
Jennifer Mattern
Join the discussion

  • If you find your site running slowly all of the sudden, start with the deactivate one at a time approach. I have found every time my site starts acting up, it’s 9 out of 10 times always a plugin that needs updating or replacing altogether.

  • Important Topic! Thanks for the insights, I have had some bad plugins crash my entire installation recently. Had to fight the dreaded “WordPress White Screen of Death!”

  • Excellent advice and very important to follow those steps. I think that most plugins don’t remove their settings on deactivation since they are stored in the DB, and most coders won’t remove those settings unless you actually delete the control. Even then, it’s questionable. Still, good practice to note the settings before getting down and dirty.

      • What would be super cool is the ability to output (print) the settings, so you don’t have to spend all that time writing…

        hmm…I wonder…

  • This is an excellent start to a process that can be time consuming and painful.

    For bloggers who aren’t developers, this is probably as far as needs go. Might be good to scan new plugins for base64 encoding as well. Just in case.

    As a developer, I’m starting to dig a lot deeper, and with many (the majority?) of the ~14,000 plugins being effectively abandoned, there is some seriously deficient code hanging around the WordPress plugin database. This problem is only going to get worse before getting better.

    • I always wonder about that – the plugins that haven’t been updated since previous versions of WP that the owners have abandoned. It will be sad to lose some of that functionality one day.

  • Well, i once has been a victim of this plugins thing. I was not able to update some of them and before I know it, my wp crashed.. I could not even make a post. Not even re-installing the dbase backup helped. I had to go through a complete and clean WP installation.