Two observations/feedback after fighting malware all week

  • Ash

    (@ashmetry)


    9 years ago

    I’ve been fighting malware all week on my server. Wordfence was a huge help however I made few observations that I wanted to relay back. I used the free version so I’m not sure if the paid offers more.

    1) I had everything checked under “Scans to include” and few files were still missed. Mostly with premium plugins or custom themes or child themes that are not found in the WP repository. I understand it’s hard to compare these files since there is nothing to compare them to. But I expected to find something in the output report that tells me that PLUGIN XYZ and THEMES ABC were not scanned because they are not in the repository. Something that tell me where to do a manual check instead of the all green & you’re safe message which was misleading in this case.

    2) It would be nice to have an option to scan php files for excessive use of chr(..) and eval(..) commands. I noticed that most files contain these functions to “glue” strings together. Granted, searching is bound to create false positives but maybe a flexible tolerance set by the user can be configured. I blogged about how I cleaned the files missed by WF here: https://ametry.com/ash/linux-commands-to-help-find-malware/

    Hope this helps the next person and help make your great plugin better.

    https://www.ads-software.com/plugins/wordfence/

Viewing 1 replies (of 1 total)
  • SooBahkDo

    (@soobahkdo)

    Hi Ash,

    Great idea about adding a feature to distinguish the scans results for premium, non-repository code from the scan results of WP repository code that can be compared for changes or infection.

Viewing 1 replies (of 1 total)
  • The topic ‘Two observations/feedback after fighting malware all week’ is closed to new replies.

Tags