Have you been experiencing these classic signs of a compromised WordPress? It’s possible that your site has been hacked. Typically a hacked website is infected with malware and backdoors by hackers. To fix this situation, we must first find this malware and backdoors and then proceed to clean the site. In this article we will explain how to scan malware and find backdoors on your website.

What are malware and backdoors?

Malware is an umbrella term used for a number of software like viruses, Trojan horses, ransomware, adware, spyware, etc. These are specifically designed to damage a website or use the site to execute malicious activities on the internet.

What happens once a website is infected with malware?

Once your website is hacked, your online reputation and traffic take a hit. You can clean the hack, but it’s distressing when it keeps getting hacked over and over again. A majority of the time, the reason is a ‘backdoor.’ A backdoor as the name suggests is like a rear door that enables a hacker to access the website. It is hidden from the website owner therefore hard to find.

In past, having a WordPress site used to be reserved for a developer! Not anymore. More people today are using the internet than any time in the past. Hundred of thousands of new sites are sprouting every day. This has substantially increased the rate of cybercrimes. Once a while a big malware attack ripples across the world but hundreds of WordPress sites are attacked every day. That explains why your site (which may be an insignificant part of the web) becomes a target. And once your site is hacked, it’s very likely that the hackers will create a hidden backdoor so that they can infiltrate your site after it has been cleaned. Therefore only cleaning malware infected files won’t guarantee that your site has been secured. You must also weed out the backdoors hidden by hackers.

How to find malware and backdoors on a WordPress website?

Scanning to find malware and backdoor that exists in a WordPress website can be done in two ways: One is manual scanning and two, is auto-scanning. Let’s find out how these scans are done and if one is better than the other.

Manual Scanning

In the past, there were only a few places in a WordPress site where hackers would hide malware and backdoors. The WordPress core was one such location. One could easily look at the popular locations to find a malicious code hiding there. But hackers have evolved since then. Today malware could be located anyway in a WP website making it nearly impossible to manually search and find them. Moreover, hackers have learned to hide malware by obfuscation of code.

The presence of eval, base64_decode is the sign of a hacked site. To hide this, hackers make the code unidentifiable or complex. For instance, base64_ becomes b’.’a’.’s’.’e’.’6’.’4’ which is impossible to identify using the signature matching procedure. A scan would return unmatched because the code has been muddled.

When it comes to manually find and cleaning backdoor, a word of precaution. Backdoor codes are commonly stored in places like themes and plugins. The reason hackers choose these places is that one, people usually don’t look at them, and two, they don’t often update plugins, therefore, the bad codes remain as they are.

Sometimes malicious codes are disguised as a plugin installed on your WordPress site. When manually searching, you are trying to find a code matching a malicious code like base64_decode. But, you’d be surprised to know base64 and eval codes are also used in plugins and cannot be blindly considered malicious.  

Automatic Scanning

One can use WordPress security scanner that can automatically run a scan on a hacked WordPress site. But there is a catch here. Not all scanner are the same. While some scanner skims through the website looking for known malware others, offer deep scanning technology which is able to find new and complex malware. How do they do it?

Weak scanners have a set of pre-existing malware. While scanning they look for similar malware on a website and upon finding one they raise an alarm. Deep scanners like that of MalCare, goes beyond just matching existing malware. MalCare transfer all files from your website onto it’s own server and whenever a new file is added to your site (like posts, comments, plugins, etc), the security service transfers the new files onto its own servers. That way it is able to investigate all new changes made on a website. When other scanners are inefficient in locating hidden malware, deep scanners are able to pinpoint the exact location because it keeps track of the all the changes made on your site.

Moreover, deep scanners have certain technologies in place that enables it to find new and complex malware. For instance, MalCare monitors hundreds of thousands of websites online and using that collective intelligence; it’s able to find a new and complex form of malware on a website.

Since the scan is accurate in identifying malware and pinpointing its location, user experience a low rate of false alarms. You are only notified when there is an actual malware so that you can immediately begin the cleaning process.

Over to You:

In the past, manual scanning and cleaning WordPress sites were easy because there were only so many places hackers could hide malware. And malware was simpler, easy to identify. However, things have changed, hackers have become smarter and hacks have become more complicated. To address this issue, security solutions like MalCare has developed advanced technologies that can not just identify a malware but also pinpoint its location on a WordPress site. Cleaning too is just a matter of a few clicks. We’d suggest that one shouldn’t even wait for hackers to compromise a site and actively take steps to secure their websites. After all, prevention is always better than cure. Security solutions are equipped to handle hack attempts. Have a look at this post on the things you should be aware of when buying a security service?