New to the community? Start here

My plugins keep randomly getting deleted

Every now and then I sign in and go to the plugins page and it tells me that the “plugin has been deactivated because the file doesn’t exist”.

It happens randomly with Wordfence, iThemes, and WooCommerce on your hosting.

I’ve discovered that iThemes has been deleted yet again, so I want to figure out what’s going on.

Fri, 14 Feb 2020 7:25:41
  • Patrick Freitas
    • FLS

    Hi Greg

    Hope you are doing well.

    Sorry to hear you are having this problem.

    I checked the staging website but the plugins still working fine there, I also can see no debug log is being generated for the staging. The Query Monitor or advanced cron plugin doesn’t show any query that could cause the plugins problem.

    However, I can see new logs on the live site for missing PHP files, can you verify if the plugins keep being removed from the live site, and if so, wouldn’t you mind to send us the WordPress credentials for the live site and we can take a closer look?

    Note: Don’t leave your login details in this ticket.

    Instead, you can send us your details using our contact form https://wpmudev.com/contact/#i-have-a-different-question:

    Subject: “Attn: Patrick Freitas”

    – Site login URL:

    – WordPress admin username:
    – WordPress admin password:

    – Link back to this thread for reference

    – Any other relevant URLs/info:

    Please, reply to the ticket once you have sent the information.
    Best Regards
    Patrick Freitas

  • Patrick Freitas
    • FLS

    Hi Greg

    Sorry to hear you still having this problem.

    Could you install the iThemes Security plugin back?

    I couldn’t find any log that can indicate what is causing the problem, however, I will be escalating to our Hosting Second Line Support to check this for you.

    Please, let us know when the plugin is installed and activated back.
    Best Regards
    Patrick Freitas

  • Panos
    • SLS

    Hi Greg ,

    The only way that plugins/themes could be deleted is either by
    1. deleting it manually, either from admin or via ftp/ssh. If this was the case you would be aware though.
    2. I see you are using WordFence which has a file-scan feature. Are you aware of using the file-scan feature and deleted a file from there? Defender has a similar feature too in case you tried that in the past. By deleting a file from a plugin, via file scanner, it will delete the entire plugin so it doesn’t crash the site.
    3. Any automated feature, similar to our Automate, that would try to update a plugin but for some reason the update wasn’t completed. I don’t see any records in our Automate but not sure if you ever used something similar.
    4. A final possibility would be a manual plugin update going wrong. For example updating WC manually that for some reason didn’t complete or some . Very unlikely to happen though.

    There are no other ways that would delete plugins, at least of what I can think off.

    From the above I would roll out the first one as you would know of that. I would also expect 3 and 4 as very unlikely to happen. There most be something really wrong on a site for that to happen. The scenario with file scan is pretty possible, as it might not be clear that the entire plugin will be removed.

    Do you remember running such file scans and deleting files with that?

    Also as Patrick mentioned, you can re-install those plugins and we could add some hooks that will log dates when eg the deleted_plugin action was triggered:

    add_action( 'deleted_plugin', function( $plugin_file, $deleted ){

	if ( $deleted ) {
		$datetime = date( 'd-m-Y H:i:s' );
		error_log(
			"[{$datetime}] Deleted plugin {$plugin_file}\n\n",
			3,
			WP_CONTENT_DIR . "/temp-debug.log"
		);
	}

}, 20, 2 );

    The above snippet should add the date and plugin path in a file wp-content/temp-debug.log, whenever a plugin is deleted using wp core’s functions to delete a plugin. If plugins are still deleted but not logged, it means that some other plugin may be using eg unlink at some point.

    Kind regards!

  • Greg
    • The Crimson Coder

    Hi all, thanks for the replies. I have re-added and activated iThemes Security Pro, though obviously there’s no way for me to “trigger” the issue. I’ll certainly let you know if it happens again. Are you wanting me to add that snippet to functions.php? I am not currently using the parent site of the multisite network where this is happening, so it’s currently a default theme.

    This has happened many times and I’ve never done it manually. Yes I have Wordfence as well because I find that it’s scanning is much better than iThemes (and Defender – sorry), but am not sure why scanning the site would remove a plugin, and I use these same plugins on 30+ sites that are not on your hosting and it has never happened elsewhere, yet it’s happened on all of the sites that I’ve put on your hosting. In the past, Wordfence, Woocommerce, and iThemes Security have all randomly deleted themselves at some point – I think those have been the only three, and it happens to iThemes by far the most.

  • Panos
    • SLS

    Thanks for the feedback Greg !

    and it happens to iThemes by far the most

    Do you have an estimate of how often? Would it happen once a week or once a month? If it’s once a month it’s even harder to check what triggers it.

    yet it’s happened on all of the sites that I’ve put on your hosting

    We don’t have anything in our host that would delete any files, I have also consulted with our Hosting team about this to be sure and confirmed that there isn’t anything from host’s side that would delete files.

    Are you wanting me to add that snippet to functions.php?

    That snippet can be added in a mu-plugin instead of a theme, so it will still load no matter what theme is active. I can do that if you agree, however not sure how efficient that would be, it will only log actions when a plugin is deleted using WP native function. It is very likely that whatever action is deleting plugins might call php’s unlink or rmdir functions for example. Only way to make sure is to de-activate plugins and wait until this happens again, I’m not talking about plugins that have an impact on member’s experience on your site, like WC, but plugins that work in the background.

    I just noticed that you have a plugin ManageWP – Worker, which I think can also delete plugins. This plugin is also not going to cause issues on your site if we deactivate it temporarily. So I would start with the Worker plugin, and leave it de-activated for a period that you can estimate is good enough. If one of the plugins still gets deleted then it should be some other plugin.

    but am not sure why scanning the site would remove a plugin

    I mentioned the scanning feature of Wordfence, as it is very likely to provide an option to delete files that are scanned and marked as potentially malicious. Some plugins may contain php code that are found to be malicious. This could be a false positive but non the less there is an option to be deleted. If an admin decides to delete those files then it might be the reason plugins are missing.

    Something else would be to keep an eye when plugin updates occur and on each plugin update it would be good to check if any got deleted.

    Let me know if you agree with that :slight_smile:

    Kind regards!

  • Greg
    • The Crimson Coder

    Hi Panos,

    I believe you, but I have no idea what could possibly be causing it. I manage updates for these sites without logging in, sometimes from the Hub but usually with ManageWP which is the reason for the Worker plugin you mentioned. Because of that I rarely log in, so I only notice it randomly if I happen to log in and notice that the menu item for iThemes is gone, at which point I visit the Plugins page and get the red “This plugin has been deactivated because the file does not exist” error. Then I re-install it and all my settings and license key are still saved just fine. I’ve scanned it a zillion times and looked through the normal WP directories to see if there’s any evidence of a hack or something but nope. I run all my other sites on the same version of PHP as on your hosting, literally the only thing I can think of is that your hosting is Nginx (I believe) and my other hosting is Apache. But I can’t imagine why that would cause such a thing, especially since I always do my due diligence before installing plugins to make sure they’re from reputable developers. It wouldn’t necessarily surprise me if something in my own themes or plugins was causing the issue but I couldn’t begin to know how to figure that out. I’ve just checked and it seems iThemes is still there for now. I guess all I can do is wait for it to happen again and come back to let you know when I notice it.

  • Panos
    • SLS

    Hi Greg ,

    Sorry, I missed your reply and just realised that you mentioned that it happened again after doing some housecleaning. Did you insert that snippet shared above? In case you did, if that plugin was deleted using WordPress’ core functions (eg triggered by clicking the Delete option in plugin’s list), there should be a file in wp-content folder named temp-debug.log. That file should contain date that this specific action happened.

    If you added that snippet but the file does not exist then it means that it was deleted using other php functions which we can’t monitor. If there was a WordFence scan though, perhaps we could check if there is a hook so that we can use a similar snippet, that will log actions when files get deleted via WordFence.

    I’ll have a look on WordFence free version and let you know if I find such a hook.

    Kind regards!

  • Greg
    • The Crimson Coder

    Hi Panos ,

    No worries. I am currently chatting with someone on the chat because one of my sub-sites wasn’t loading, and he eventually figured out that WooCommerce was the issue. After some investigation we found that random files and folders from inside the plugin had been randomly deleted. The main WooCommerce plugin and folder still existed, but parts of it were missing. After deleting it and re-installing it, everything was fine.

    So it seems that the issue isn’t that plugins are getting fully uninstalled, but rather that somehow some of them are getting deleted directly. I’ve run several scans and haven’t found any evidence of hacking or security issues.

    I use ManageWP to run updates on like 30 sites, but I’m going to try deactivating it on this site (although I can’t remember which site is associated with this ticket…:wink: and see if that helps. I can’t imagine why it wouldn’t work on this site but I’m out of ideas.

  • Panos
    • SLS

    Thanks for your feedback Greg ,

    Not enough info to see what’s going on. I had a look in WordFence but the only hook I found is the ajax action where we can check if action selected is to delete. I am not sure that it will help much, but here is a snippet that will keep logs whenever wordfence’s “Delete all Deletable files” button is clicked:

    add_action( 'wp_ajax_wordfence_bulkOperation', function(){

	if ( ! isset( $_POST['op'] ) || 'del' != $_POST['op'] ) {
		return;
	}

	$wfIssues = new wfIssues();
	$issueCount = $wfIssues->getIssueCount();

	$msg = "Delete Operation Started\n";

	for ( $offset = floor( $issueCount / 100) * 100; $offset >= 0; $offset -= 100 ) {

		$issues = $wfIssues->getIssues($offset, 100, 0, 0);

		foreach ( $issues['new'] as $i ) {
			$file = $i['data']['file'];
			$localFile = ABSPATH . '/' . $file;
			$localFile = realpath($localFile);

			$msg .= "File: {$file} - {$localFile}\n";
		}
	}

	$date = date( 'd-m-Y H:i:s' );
	error_log( "{$date} > {$msg}\n\n\n", 3, WP_CONTENT_DIR . "/wordfence-debug.log" );

} );

    It should create a new log file wp-content/wordfence-debug.log where it should list any files that are set to be deleted by WordFence. It could be useful if a missing file matches one of those in that log. As I said I don’t think that this is the case as it requires manually to click that button, but worth the shot since I don’t really have any other ideas.

    If you decide to use that snippet, you can use it in a mu-plugin as previous one.

    Kind regards!

  • Greg
    • The Crimson Coder

    Thanks Panos , I’m suspecting there was some issue with ManageWP so I’ve disconnected it and I’m going to let it sit for a while and see if I see the problem again. If so then I’ll try your snippet and hopefully somewhere along the line we can get to the bottom of it. Truly bizarre.

  • Greg
    • The Crimson Coder

    Update:

    I disconnected my WPMUDEV-hosted sites from ManageWP and it hasn’t happened again, so I’m wondering if there’s some reason that external tools like that are unstable when connecting via your hosting?

    It seems to have happened again today, but this time with a new site on your hosting (cordonatoeditionis.com) – I got a notice from the hub that the site had gone down and while investigating with someone on the chat, found that some files in Wordfence were missing. This seems to have happened when Automate tried to update Wordfence. Automate ran a backup, which appeared to be successful, and then failed because the site went down.

    So the ONLY pattern I can see with this is that your hosting doesn’t seem to play nicely when I try to use an external tool to update the plugins. Maybe it’s getting blocked by the security plugins, but again, this hasn’t ever happened on any of the 30+ sites I have on another host that all run the same security plugins with the same settings.

    The other pattern is that all my other sites are Apache while yours is Nginx – could there be something there? Perhaps some security thing that I’m not aware of that Apache doesn’t have?

    I really have no idea but it’s getting severely frustrating.

  • Panos
    • SLS

    Thanks for all this feedback Greg and so sorry for missing this, I just noticed I missed your response.

    Apache vs Nginx shouldn’t have any difference about this. We also don’t have any other similar cases so it has to do probably with a combination of Automate and ManageWP. I doubt that ManageWP on it’s own would have issues on our host, on the other hand I really don’t have much experience with that service. But if used in combination with automate I would expect something breaking in case they both try to alter files at the same time.

    For now I would suggest to keep either Automate or ManageWP, which ever you prefer. If that still happens then you can switch to the other automation tool or deactivate them both.

    Kind regards!

  • Scott
    • WPMU DEV Initiate

    FYI this has recently been happening to some of the sites I am managing as well. I haven’t been using Automate or ManageWP and am hosting my sites on my own dedicated server. I do most plugin updates via WPMU Dashboard and have been noticing that the files in the WP Defender often get deleted but not the folder itself. I have to delete the folder in order to install the plugin again. Something really fishy going on. Not even sure how to troubleshoot because it seems so random.

  • Greg
    • The Crimson Coder

    Scott – Not sure if you’re the person I chatted with in a Facebook group but if not then there’s someone else as well who I told to get in touch with WPMUDEV support about it.

    I haven’t seen the issue since disconnecting all my WPMUDEV-hosted sites from ManageWP and using Automate for them, but it’s very possible that I simply haven’t noticed. Automate seems to have a lot of trouble updating Pro plugins — it almost never manages to update ACF Pro or WMPL Pro, or a few others that aren’t in the WP plugin repo, even though they update just fine when I later try it from the WP admin. But in those cases I log into the site, go to the “Update” tab, and run the updates manually, whereas before when I noticed the deleted files it was because I went to the “Plugins” tab and got the “plugin has been de-activated because the file does not exist” error, which I haven’t done recently.

    So I have no idea what’s going on either. I’m a big fan of WPMUDEV but the sites I host here and manage with the Hub do tend to be the problem children when compared to the sites I host elsewhere and manage with ManageWP. If there’s some sort of monitoring plugin I can use to keep tabs on whether plugin files get deleted, I’m down with installing it for a while.

  • Scott
    • WPMU DEV Initiate

    Thanks for the reply Greg. No, I wasn’t the person on FB, but glad to have found others also having the same issue. I agree that Automate often fails with pro plugins and I also update them manually after logging in to each site. That’s exactly how I discovered the missing plugins too, by seeing the warning on the plugins page. Makes me wonder if I should disconnect the sites from WPMU and not even use Automate. If I come across a way to monitor if a plugin folder’s contents have been deleted I will definitely post back here.