Why did Akismet and Hello Dolly suddenly appear on my WordPress site?

Is the Hello Dolly plugin safe to delete after a WordPress update?

Troubleshooting Unexpected WordPress Plugin Installations

Discovering unauthorized plugins in your WordPress dashboard typically triggers immediate alarm. As a site administrator, your first instinct is to suspect a security breach or a malicious injection. However, the sudden appearance of Akismet Antispam and Hello Dolly is rarely a sign of a hack. These are standard artifacts often reintroduced during core updates or site migrations.

Identifying the “Intruders”

Before taking drastic security measures, you must identify what these plugins are. Both are developed by Automattic, the company behind WordPress.com, and are bundled with the core software by default.

• Hello Dolly: This is a legacy plugin created by Matt Mullenweg. It serves no functional technical purpose. Its sole function is to display random lyrics from the song “Hello Dolly” in the upper right corner of your administration screen. It acts as a symbolic tribute rather than a utility.
• Akismet Antispam: This is a functional security tool designed to filter spam comments. While useful, it requires an API key activation. Many European users—like yourself—disable it to comply with GDPR data privacy standards, preferring alternatives like Antispam Bee.

The Technical Cause: Migration and Core Resets

You mentioned a recent transfer of ownership and a restoration of backup files. This is the root cause.

When a server environment changes or a host performs a fresh WordPress installation before restoring your wp-content folder, the system frequently reverts to its default state. The standard WordPress installation package always includes Akismet and Hello Dolly within the /wp-content/plugins/ directory.

During your migration, the new owner likely performed a fresh install or a file restoration that merged the default directory with your custom backup. This process reintroduced the files you had previously deleted. Since these files reside in the plugins folder, WordPress detects them and lists them in your dashboard, usually in a deactivated state.

Action Plan for Administrators

1. Verify the Source: Ensure the plugin author is listed as “Automattic” or “Matt Mullenweg.” This confirms they are the genuine default files and not malware masquerading as system files.
2. Check Status: Confirm the plugins are deactivated. A standard core reset will not automatically activate them.
3. Remove Unnecessary Bloat: If you do not intend to use Akismet for spam protection, and since Hello Dolly offers no utility, you should delete them. Keeping unused code on your server increases the potential attack surface, however minimally.
4. Review Protocols: Update your migration checklists. Ensure that post-restoration audits include a step to remove default bloatware to prevent future confusion.

Your system remains secure. The appearance of these specific plugins indicates a file structure reset during migration rather than a vulnerability exploitation. You may safely delete them and return to your standard operating procedures.