I wanted to post a quick update about a strange problem I came across recently where all of the plugins were deactivating and disappearing on one of my client’s WordPress sites. This issue was a real head-scratcher for me, as I’d never experienced anything like it before.
The plugins would mysteriously vanish from the WordPress dashboard when I’d attempt to perform an update. The files and folders were still there on the server, but they’d all had a massive string of code injected into the php files within the plugin folders which rendered the headers invalid and caused WordPress to deactivate them.
If you know how to look for this, this is what you might find…
Rather than get into all of the gory details as to what causes this issue and why (because, well, I don’t even know all of the details myself)…I mainly wanted to share the solution.
If you’re having a problem with your WordPress plugins disappearing…
It is likely related to the MailPoet plugin. As I’d mentioned, this is something I’d never seen before, and the reason why is because it was being caused by a plugin which I had never used. My client had installed this plugin thinking it would be a good solution for their newsletter mailings.
This plugin is called MailPoet, aka Wysija Newsletters. It is very popular, because it is free, but sheesh…so is MailChimp and it’s also 10x better, more practical and more efficient. Sending newsletters out from your WordPress installation is a bad idea on so many levels.
Anyway…if you’re using this plugin, know that it has a vulnerability which can lead to a malware infection which will cause this wonky issue with your site’s php headers.
I recommend you delete it from your plugins folder via FTP and then go to MailChimp and set up your free account.
Recovering your vanished WordPress plugins…
If you’re comfortable doing so and don’t mind the tedium, you can access your plugin’s php files and delete the offending code manually. Most of you won’t want to do this or won’t know how, so I’ll share the more practical way.
- Delete the plugin folders via FTP (if you have a bunch, be sure you screen cap your plugins folder so you don’t forget which ones were installed). The plugins are located in: /public_html/wp-content/plugins/
- Re-install and re-activate the plugins through your WordPress dashboard
Your settings will be saved in the database, so basically you’re just re-uploading clean files, so no need to reconfigure them. Whew!
Next, install WordFence and run a security scan…
I highly recommend this next step because you need to be sure your WordPress core files are clean and untampered with. In my client’s case, they had been violated, but WordFence got things back in order quickly.
- Open up WordFence and click the ‘Start a WordFence Scan’ button.
- Click the link near the bottom that says ‘Bulk operation>>’.
- Click the buttons shown in the screenshot below.
Your site should be worry-free at this point. Yay!
If this issue was related to your problem and my solution helped you, then awesome! I’m glad I was able to save you some frustration. 🙂