Sometimes website owners do not want to continue to own a domain name and allow it to expire without attempting to renew it.
This happens all the time and is perfectly normal, but it is important to remember that attackers regularly monitor expired domains and may target specific domains that meet certain criteria.
Domain providers can be a great choice
This script was recently detected with its inactive plugin visual-website-editor and the domain tidioelements [.] Com. The incident was reported by the owner of a website on the Sucuri blog who encountered suspicious activity while using it.
The attacker's strategy is based on the fact that some sites may still have the plugin installed and enabled and continue to load resources from the expired domain.
This plugin is no longer available in the WordPress repository.
Intruders were able to take advantage of the expired domain to upload arbitrarily content, which underlines its importance information all of software and remove any old plugins that are not actively used in your environment. Another important tip is to use only official and trusted resources sources.