Don't Gamble With Plugins!
Published on January 18, 2023
Published on Wealthy Affiliate — a platform for building real online businesses with modern training and AI.
Hi, WA Friends
Don't gamble with WordPress Plugins. In my case, a plugin literally created a gambling issue! Let me explain.
My guitar site was hacked by a casino business, most likely by a bot. So, here's the very short version of what happened.
GSC alerted me that an application had been made as a new owner for my guitar website. I checked the GSC "Users and Permissions" area, as well as the Google Website Central, for verification attempts, but it all looked legit.
Upon further investigation, I found a plugin in my WordPress back office that I didn't install. It was a sitemap plugin that contained thousands of URLs for various casino-related content pointing to my website. The casino URLs were appended to the end of the URL list on my sitemap.
I changed my WordPress and Google account passwords and notified Site Support. However, they felt my site was hacked through a plugin vulnerability, not a password breach.
It just so happened that I installed the Sassy Social Share plugin one day before the hack. Although I can't prove it was that plugin, I deleted it and several other plugins I didn't absolutely need.
Site Support removed the rogue WP Sitemap plugin, sanitized my site, and restored my sitemap.
Now what I'm left with is about 1,200 "Unparsable structured data" errors and 1,500 indexed URLs in GSC, all pertaining to the casino hack. I submitted my restored sitemap as soon as possible, and I'm working with Kyle, who suggested I wait a few days to see what happens.
In the meantime, I have been doing some research and found this link:
https://developers.google.com/...
My biggest concern is that Google will mark my domain as a dangerous hacked site and kill my traffic, which I have been monitoring closely.
The moral of the story is to keep your WordPress plugins to a minimum and ensure they are updated since many updates address security vulnerabilities.
Most likely, there are some plugins you can do without, so get in there and do some early spring cleaning!
I would appreciate any suggestions and comments from the WA community.
Rock On! 🤘
Frank 😎🎸
