We have received several inquiries about the “Detected Unauthorized Access List” feature of the WordPress Doctor Malware Scanner, so we will explain it here.

The function of the plugin to visualize unauthorized access to WordPress

Free WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal] has,
More advanced blocking of hacker IPs > Ability to view a list of detected unauthorized accesses.

What is displayed in this function is a record of unauthorized access enforced by hackers.


This unauthorized access is recorded when a non-existent PHP file or some data is sent to AJAX, the back-end process of WordPress.

Therefore, the fact that an unauthorized access is recorded here does not mean that the attack was successful.

Why are unsuccessful unauthorized accesses recorded?

Hackers who hack WordPress often hack WordPress sites using tools that try attack after attack on various known vulnerabilities.

Therefore, they repeat the attacks that would be successful if WordPress had a vulnerability, in a round-robin fashion, on tens of thousands of sites.
This is why unauthorized accesses that are not vulnerable (and are not successful) are recorded.

Many people may be surprised because unauthorized accesses have been recorded, but such unauthorized accesses are made daily to any site as long as it is a site that is caught by search engines.

Take basic security measures to prevent unauthorized access from succeeding!

You may enable the blocking function mentioned above, and if you take basic security measures to prevent such vulnerability attacks from succeeding, 99.9% of all WordPress sites will not be hacked.

We recommend that you check your security measures and take them on a daily basis, referring to the article ↓.
Reference
5 free WordPress security measures