Outdated and bad plugin check

The scan

This scan checks if you're using any plugin that has been removed from the official repository or that hasn't been updated in the last two years or more.

Note : plugins that haven't been updated for two years or more are not necessarily dangerous. They just may not need any update at all.

The fix

SecuPress will first ask you to select the plugins to be removed.

On a multisite, each site's administrator will have to deactivate the plugins you've selected via a dedicated page. They will also be notified in their admin. This step has a few purposes :

  • execute the uninstall scripts on each site.
  • inform each administrator that the plugins have been deleted, because those may be important.

Once the plugins are deactivated on every site, you will be able to go back on SecuPress' main scanner page and finally uninstall them.

What if the fix doesn't work ?

Several solutions are possible.

  1. Try to manually delete the plugins from the usual plugins page (/wp-admin/plugins.php).
  2. Access your site via FTP, open up thewp-config.php file at the root of your site, and look for the following line and delete it:
    define( 'DISALLOW_FILE_MODS', true );

    Caution : do not mistake this line with the  DISALLOW_FILE_EDIT constant ! If the line doesn't exist, then you have nothing else to do.

  3. Access your site via FTP, check the chmod for the /wp-content/ and /wp-content/plugins/ are set to 0755. If they are then you have nothing else to do. If you don't know what 'chmod' is then do nothing. Once the chmod is set, try clicking the 'fix it' button again.

  4. Access your site via FTP and manually delete the plugins.