Today, when online crime begins to surpass crime in real life, especially when your income depends on it, it is very important to learn how to protect you and your website. Anyone who owns a website may become a potential target, but those who use the standard WordPress (including the user name admin and regular password) will add a huge red eye on their backs, waiting for some lower level residents to visit and cause confusion. Why scan websites? The first step for a secure website seems to be to improve security. No one is allowed to do so from the beginning (we have discussed how to use a single plug-in to easily improve security), but your website may have been hacked. The
Malicious users may already be able to access your site. When we talk, malicious software may be hidden between your files. You may be completely in the dark because you didn’t take steps to warn what happened. When people think that the website has been hacked, most people will have typical damaged images in their minds. Sabotage is when a hacker replaces the content displayed on the original website with something else. It is usually a selfish boasting advertisement that advertises hacker pseudonyms. But in most cases, hackers visit websites and choose to wait for a while. Then start carefully implementing some malware or other malicious scripts on the site. Showing off that they have access is not their main intention. Their intention is much worse. The
They can be phishing for user names, passwords, e-mails or other items to be kept confidential. Allow visitors to insert scripts into websites to Malware \/ Trojans \/ viruses. Insert code to perform actions such as setting up backdoors, monitoring user activity, or stealing input from forms. Redirect visitors to sites that contain malware. One of the important reasons is that hackers can know your IP address (or use cookies to log in to the administrator area), instead of visiting their own websites, and only display your code. Because this is a normal site, you will think the site is good, but in fact, you can malicious software to damage the reputation of visitors. (for example, this may cause Google to de index and add it to the list of sites that chrome warns to visit.) The
Therefore, all this is as important as confirming that there are no malware or other threats on the website when WordPress security measures are implemented. Under the WordPress site scanning for malware and threats, we will learn about several different ways to find malware or other threats on the WordPress site. Method 1: using the \
Services to use: Aquarium detects viruses total quaterra these services are easy to use. Just enter the URL and click the scan button, and the service will automatically perform all tasks, so you don’t have to worry anymore. The problem with these services is that if the malware is on a hidden page (for example, through a link not listed in PageIndex (such as a WordPress dashboard), the page cannot be found. Sucuri said: \
Although the best efforts have been made, 100% accuracy is not realistic and can not be guaranteed. \
At the end of the day, as mentioned above, if the website checker is suspected of cheating on the website, this may be a good way to perform the initial check, but if you want to clean up the website after being attacked by hackers, it is not a good idea to keep it as it is. Method 2: there are specific plug-ins focusing on functions using the scanning plug-ins, but some WordPress security plug-ins such as wordfence also provide search functions. Usually, these plug-ins will look for known malicious code, but some plug-ins will go further and compare the files, themes and plug-ins of the core word press with the source code. Then, if a mismatch is found, a consistent list is provided. The
The wordfence setting automatically sets the core WordPress file to compare with the repository version and does the same for plug-ins and theme files. (if you suspect that the site has been compromised and 100% know that you have not changed the theme \/ plug-in file or the changes you have made, you will be actively recommended to do so.) Male word press installs external scanning options. This is a good idea because WordPress sites should initially be located on most sites in the domain. You can find the scan options to include in the wordfence options. For the first scan, the following options are recommended: The
According to the image volume of the website, you may not want to scan the image file as if it could run. When scanning theme and plug-in files, it should be noted that when using plug-ins, logs or other files may be included, which will change naturally compared with the source files. In addition, if you or your developers change the core file of the theme, it is also displayed as a warning. Therefore, do not panic even if the scan displays a warning as shown in the following figure. Please observe carefully. You may not remember changing a particular file, or you may not need to change the file when using it. Wordfence’s scanner is a good way to check your site for malicious code or threats. In fact, this is a plug-in used to completely clean up the website after being attacked by one of the WordPress websites a few months ago. The
Another benefit is that it also provides the option to sort problem files within the word press dashboard without concern for FTP or file management. This looks like the only plug-in to search all files, rather than a surface level malware search using one of the above web based scanners. Other scanning plug-ins available: theme authenticity checker: the plug-in will check all themes installed for malicious code and encrypted links that are not needed elsewhere, especially in the footer or elsewhere. Method 3: the main technique to manually find malicious code in word press files is to find inconsistencies in the code and file size of word press core, theme \/ plug-in files and repository files. A simple but time-consuming way to check for malware is to a new copy of the core, theme, and plug-in, and then compare the size and code separately. The
If you save the image uploaded to the blog in a cloud service, such as a folder on your computer or Dropbox, you can also check whether the image size is consistent. If you do not optimize the pre upload image, the file size may change during the upload process. The same is true when using the image optimization plug-in. This will cause most images to be different in size from the version not uploaded, regardless of whether there is malware or not. The problem with this approach is obviously how long it will take. For large sites with decades of visual content backlog, including images is completely unrealistic if you want to do it manually. The
company
