Guide

WordPress plugin silently activated or deactivated — who did it and when

You open the WordPress admin and notice something is off. A plugin you do not remember installing is active. Or a security plugin you rely on — Wordfence, iThemes Security, a backup plugin — is suddenly deactivated.
Anonymized from a real site A nonprofit's multi-language WordPress

A dormant admin account was doing more work than any human

One of the site's WordPress user accounts had not logged in for months. The person it belonged to had moved on. The account was, however, still attached to authored content and to assets managed by a downloadable-content plugin — and that plugin was running 22+ capability checks per minute against the user, asking whether the dormant account could still access its own files. The check rate looked like a humanly-active user. The user was not active.

The compounding problem is that dormant accounts with elevated roles are a standard initial-access vector. The site owner's first instinct, when asked about the account, was to defend the importance of the user's historical articles — the connection between "still has a role" and "still being asked permission questions about every minute" was not visible without the activity record.

The operator reassigned the historical content to a currently-active editor, demoted the dormant account to no-role, and rotated the password. The capability-check rate against that user dropped to zero.

Related guides

Logystera WordPress plugin dropping events under load — what buffer drops mean and how to fix WordPress Log Monitoring: See What Your Site Actually Does WordPress PHP / core version changed unexpectedly — detecting environment drift WordPress Silent PHP Errors: How to Find Errors Nobody Sees

See what's actually happening in your WordPress system

Connect your site. Logystera starts monitoring within minutes.

Request a demo WordPress integration
Logystera Logystera
Behavioral monitoring for the systems your team operates. Read operational state, get told when behavior changes, with the evidence attached. Current integrations: WordPress and Drupal.
Product
Overview How it works Features Integrations Compare Pricing Changelog Status
Guides
WordPress Cron Not Running WordPress Emails Not Sending Log-Based Monitoring WordPress Monitoring Drupal Monitoring Signals Reference Reports Blog Documentation
Solutions
For Agencies For SMEs For Government For Education For Enterprise Services Engagement Models What Logystera Is FAQ
Legal
Privacy Terms Security Cookies
Company
Contact About Why Logystera
Follow us
Twitter LinkedIn
Copyright © 2026 Logystera. All rights reserved.