How to Disable a WordPress Plugin Without Hosting Access
If you’re reading this, I assume you’re either a seasoned WordPress developer or someone just getting started with the platform.
WordPress is incredibly powerful and there are hundreds of applications built on top of the platform, all ready to be deployed. However, as powerful as WordPress is, it’s still a text-based piece of software which is easily hackable. Since the beginning, WordPress has been plagued by hackers who find it easy to breach security simply because the application is so popular.
The reality is, even with all of WordPress’s security measures in place, it’s still vulnerable to hacking because it’s too easy to get access to your hosting account without the need for a password.
Here’s where things get tricky. If you’re a developer or a business owner who’s built their entire site on WordPress, how can you maintain security and prevent your site from being hacked?
The answer is, you can’t. Once you get hosting access, it’s too late. The damage is already done. You’ll need to start from scratch.
Fortunately, there are viable workarounds which can help you keep your site secure. The trick is knowing how to disable the offending plugin so that it no longer poses a threat to your site. In this article, we’ll discuss how to do just that. However, before we begin, it’s important to understand what a WordPress plugin is and why exactly it’s a problem.
What Are WordPress Plugins?
If you’re using WordPress, you’ve most likely encountered plugins. These are pieces of code which can enhance your experience on the platform or provide a specific functionality you might not have accessed or needed in the past.
WordPress plugins can range from simple visual tweaks to fully-fledged applications which do something unique and helpful.
For example, Tricky Woo is a WordPress plugin which allows you to create surveys and quizzes for your blog or website. The plugin offers numerous options which allow you to completely customize the form to fit your needs. Additionally, the plugin is highly secure and integrates with almost all major CRM platforms, email marketing tools, and accounting software. Thanks to all these features, Tricky Woo is among the most popular WordPress plugins available today.
Why Do I Need To Disable WordPress Plugins?
WordPress plugins are like little gems which can enhance your site’s functionality and performance, as well as protect it from online criminals. While plugins aren’t malware or a security threat per se, they can be a roadblock to protecting your site from cyber attacks. Why?
If a hacker gets hold of your WordPress username and password, they can easily access your site. From there, it’s a simple matter of scanning for unprotected plugins which are often times used by default on fresh new WordPress installations. Once they’ve found a suitable candidate, the next step is to download it and add it to their arsenal for future hacking attempts.
If you suspect an existing plugin might be the cause of a security breach at your site, the first thing you should do is remove it. Since plugins are simply code which can be easily deleted, there’s no need to worry about messy server configurations which would otherwise be required if you decided to remove it manually.
While it’s not always possible to disable plugins with no host access, it is possible to do so with enough effort. For the most part, plugins are useful and can offer a variety of benefits to a site. However, if you find that a plugin is causing security vulnerabilities at your site, you should remove it as quickly as possible. Doing so might help prevent further problems that could arise from its presence.
How Do I Disable A WordPress Plugin Without Hosting Access?
Since we can’t always prevent our site from being hacked, it’s a good idea to take active measures to prevent the problems which arise from a breach from continuing to plague our websites. To do this, we’ll need to use a few different tools in combination to create a powerful hack shield which can detect, prevent, and clean up after any attempted hacks or data breaches. Let’s get to it!
The first step is to create a brand-new WordPress user with a randomly generated password. To do this, navigate to Settings > Users in your WordPress dashboard. From there, you can click on the Add New User button and create a new user with a randomly generated password. Remember, if you’ve already got a user with admin privileges, you don’t need to re-add them to create a new one. You can just use your existing user to navigate Settings > Users and make the necessary changes.
Once you’ve created a new WordPress user with a randomly generated password, you can proceed to the next step. If you’re using the default theme for WordPress, the next step will be quite easy to accomplish. However, if you’ve chosen a different theme, you might have to dig a little bit deeper to find the login screen.
Find The Login Screen For WordPress (The Default Theme)
With your new user in place, you can start by looking for the login screen in your WordPress dashboard. To do this, navigate to your WordPress dashboard and click on the Login Screen icon at the top. From there, you can choose between the WordPress and WordPress Custom login screens. The WordPress login screen is located at Settings > General Settings in your WordPress dashboard. It’s the default screen which appears when you first create a new account on the platform. If you’ve chosen a different username for your site than you’ve used with the default user, you’ll need to find the custom login screen to access your site’s backend.
Disable The Plugin That Caused This Security Issue
After you’ve located the login screen for WordPress, you’ll need to hover your cursor over the Activate Plugin button and click on the Disable link. This will then disactivate the offending plugin and you’re done! You’ve now stopped this plugin from posing a security threat to your site and can continue working on protecting your content.
If you find that this plugin still poses a problem despite the fact that it’s been disabled, you can try uninstalling it completely. To do this, navigate to Plugins in your WordPress dashboard and click on the Uninstall button next to the offending plugin. Once you’ve removed it, install the plugin again and this time be sure to replace its activated version with a deactivated one. This will help ensure that no security breaches occur as a result of its presence. Be sure to backup your site before making any changes in case something goes wrong.
Secure Your WordPress Installation
Now that you’ve removed the offending plugin and reinstalled it, you’ll need to secure your WordPress installation. To do this, open up Settings > Security in your WordPress dashboard. From there, you can enable two-factor authentication with Google or another provider. You’ll also need to set a strong password for your WordPress account and choose a strong security question. Finally, be sure to change the admin email address associated with your account. Leaving the email field blank will help prevent email hacking attempts which could result in account takeovers.
You’ll then need to visit the WordPress Support site to have your account verified. Once your account’s verified, you’ll see a green lock in the upper right corner of the screen.
Congratulations! You’ve now secured your WordPress installation and can begin developing your site with confidence!
If you found this walkthrough useful, be sure to check out our guide to creating a basic privacy policy for your blog or website. That way, you’ll be sure to cover all the legal bases should someone decide to violate your privacy.