Hey @alienative thank you so much for the positive review!
I wanted to note that with Disable Blog active, no new posts can be created via any method because the plugin unregisters the ‘post’ content type from WordPress core. Is there a specific tool/method you were concerned about?
What I mean is, I used the plugin to disable Blog posts but someone when I enabled it back, I saw hundreds of posts injected to Posts section, with malware links. So maybe that was done in another way?
That sounds like it could be a number of things, but likely someone accessed your site’s database directly, placing content in the wp_posts table. This could be done even with Disable Blog plugin activated, as it circumvents WordPress entirely. Deactivating the Disable Blog plugin would have simply made the content accessible to you from the admin and front-end of the site again.
I would suggest reaching out to your host and/or support team, or using a security plugin to check the site, it may have been hacked.
Thanks again for the review, please reach out on the forums if there are plugin-related issues and I’m happy to provide support.
