There have been an increasing number of cases of web shells, a type of WordPress malware, becoming more sophisticated in recent years. We will explain about web shells.


What is a webshell?

A web shell is a malware that is, so to speak, a toolkit of tools that hackers can use to conduct unauthorized activities on a server.
Web shells are often stand-alone files with various functions packed into them.

Major functions that may be included in a web shell

Examine folder structure
Adding and deleting files
Change the write permissions of a file
Tamper with another file
Rewrite a database
Sending malformed e-mails
Embed arbitrary JAVASCRIPT code

etc.

How is the web shell embedded in wordpress?

60% of the reasons why WordPress is tampered with are vulnerabilities in old plugins or programs in WordPress itself. The other 20% or so will be a breach of the password for WordPress administrator privileges.

Hackers use hacking tools to try to exploit vulnerabilities in one WordPress site after another, and once they are in, they embed dangerous programs such as the web shell mentioned above into the site.

Reference
Percentage of WordPress sites that are hacked

What kind of program is Web Shell?

Most web shells have a process called obfuscation that prevents the contents of the program from being read.

*Examples of obfuscated malware

Unobfuscation Service
http://php-decoder.site

Web Shell Detection

Web shells are not always easy to find because they can be hidden in folders deep within WordPress or regulated in general files.
WordPress typically contains thousands of program files, which can be difficult to locate manually.

Free WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].

If you have any malware, please use a malware scan plugin such as [Free] WordPress:Malware Scan & Security Plugin [Malware & Virus Detection and Removal].
Please try it.