Apps make our lives easier but WordPress has gone a whole other level of hacking. Initially, WordPress was great and the apps were legit. Still there are plugins at the WordPress suppository which are 54% untrustworthy. They are riddled with malicious code. Always review the quality controls of any apps or plugins you use. Also review the code. You do not need to know programming language to see something in code that shouldn't be there. That would be a big red flag to the app or plugin.
Key Takeaways:
Fake WordPress plugins are sometimes built solely to infect websites.
Always review your code, theme, and plugins for quality purposes.
Use vulnerability scanners, security plugins, WPScan Vulnerability Database, and review your site after installation.
“Hackers who go to the trouble of building a fake WordPress plugin know what they’re doing.”
Read more: https://premium.wpmudev.org/blog/fake-wordpress-plugins-what-you-need-to-know/