Title: Can wordpress plugins contain malicious code?
Last modified: August 19, 2016

---

# Can wordpress plugins contain malicious code?

 *  [Sjors01](https://wordpress.org/support/users/sjors01/)
 * (@sjors01)
 * [15 years, 8 months ago](https://wordpress.org/support/topic/can-wordpress-plugins-contain-malicious-code/)
 * Is it possible that plugins contain malicious code? I know that TAC ([http://wordpress.org/extend/plugins/tac/](http://wordpress.org/extend/plugins/tac/))
   checks for malicious code in your wp themes, but how about plugins? If so, what
   would be the worst that could happen? Is there a way how you can check a plugin
   for malicious php script? Or is there a plugin that does this for you? (just 
   like TAC) Thanks.

Viewing 1 replies (of 1 total)

 *  Moderator [James Huff](https://wordpress.org/support/users/macmanx/)
 * (@macmanx)
 * [15 years, 8 months ago](https://wordpress.org/support/topic/can-wordpress-plugins-contain-malicious-code/#post-1679885)
 * > Is it possible that plugins contain malicious code?
 * Anything can contain malicious code. Fortunately, [the plugins hosted here at WordPress.org](http://wordpress.org/extend/plugins/)
   are carefully inspected for malicious code.
 * > what would be the worst that could happen?
 * It’s best to not think about that. Suffice to say, it could be very bad.
 * > Is there a way how you can check a plugin for malicious php script? Or is there
   > a plugin that does this for you? (just like TAC) Thanks.
 * This plugin will scan every file (core, media, plugin, and theme) in your blog:
 * [http://wordpress.org/extend/plugins/exploit-scanner/](http://wordpress.org/extend/plugins/exploit-scanner/)

Viewing 1 replies (of 1 total)

The topic ‘Can wordpress plugins contain malicious code?’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 1 reply
 * 2 participants
 * Last reply from: [James Huff](https://wordpress.org/support/users/macmanx/)
 * Last activity: [15 years, 8 months ago](https://wordpress.org/support/topic/can-wordpress-plugins-contain-malicious-code/#post-1679885)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics