This article explains why a WordPress site can have been tampered with while various scans still report ‘nothing abnormal’.

Why file-diff plug-ins and malware detection plug-ins show no abnormalities even though the malware infection is obvious.

There are cases where a site has obvious malware symptoms (*) and is flagged as tampered with by Google Search or by online inspections such as Sucuri, yet the difference detection plug-in or the malware inspection plug-in shows no abnormalities.

(*) Typical malware symptoms include the following:
– When accessing the site, the user is automatically redirected to another site.
– Logging in to the administration panel fails, or certain pages become inaccessible with a 403 error.
– A large number of malicious pages show up in Google searches.
– Unauthorized users are being added to the site.
– A large number of spam mails are sent out.
etc.

1 Reasons for no abnormality with the Difference Detection Plug-in

There is a type of security plug-in that records and monitors changes to WordPress program files. However, because WordPress rewrites a huge number of files during updates, the list of changed files can become inflated, and even files containing malware may end up on the whitelist, or the tampering may slip through the filter that decides which differences are reported.

To avoid detection by these difference detection plug-ins, some malware adds a large number of line breaks and embeds the tampering at the bottom of the file, so that it is not apparent at first glance.

Also, in general, this type of plug-in does not detect database changes.
Although this accounts for only a small percentage of cases, malware may be embedded in the database.
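The padding trick described above can be checked for directly. The following is an added example, not code from any of the plug-ins mentioned on this page: it flags content in PHP files that sits behind a long run of blank lines and, going one step beyond the text, behind a long run of spaces or tabs on a single line. The thresholds, function names and sample files are assumptions made for illustration.

```python
import os
import re

# Thresholds are assumptions for this example; tune them to your code base.
MIN_BLANK_RUN = 50   # consecutive whitespace-only lines treated as padding
MIN_SPACE_RUN = 200  # spaces/tabs inside one line treated as padding

def find_hidden_code(text, min_blank_run=MIN_BLANK_RUN, min_space_run=MIN_SPACE_RUN):
    """Return [(line_no, reason)] for content placed behind whitespace padding."""
    wide_gap = re.compile(r"[ \t]{%d,}\S" % min_space_run)
    findings = []
    blank_run = 0
    for line_no, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            blank_run += 1
            continue
        if blank_run >= min_blank_run:
            findings.append((line_no, "content after %d blank lines" % blank_run))
        if wide_gap.search(line):
            findings.append((line_no, "content after a long run of spaces/tabs"))
        blank_run = 0
    return findings

def scan_tree(root):
    """Check every .php file under root; return {relative_path: findings}."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(".php"):
                path = os.path.join(dirpath, name)
                # errors="replace" keeps the scan going on non-UTF-8 files
                with open(path, encoding="utf-8", errors="replace") as fh:
                    findings = find_hidden_code(fh.read())
                if findings:
                    report[os.path.relpath(path, root)] = findings
    return report

# Constructed samples: a clean file, and the same file with padded-out content.
CLEAN = "<?php\nfunction theme_setup() {\n\n    return true;\n}\n"
PADDED = CLEAN + "\n" * 300 + "<?php /* placeholder for appended code */ ?>\n"

if __name__ == "__main__":
    print(find_hidden_code(CLEAN))
    print(find_hidden_code(PADDED))
```

A hit only means the file deserves a manual look at the reported line; a file with no hits is not thereby proven clean.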

2 Reasons why malware scanning and detection plug-ins show no abnormalities

WordPress malware (tampering) differs from computer viruses in that there are so many varieties of its code.
New varieties of WordPress malware are actively being created, and there are also many types of malware that randomly change the code obfuscation process and the way the code is written for each site, even for the same malicious activity.

For this reason, malware scanning and detection plug-ins may not be able to keep up with detection patterns for such new types of malware or malware with unprecedented types of obfuscation.

Keep your malware detection patterns up-to-date

Malware detection plug-ins may be updated with the latest malware patterns with each update. It is also common for the latest malware detection patterns to be available for a fee.

Typical Malware Detection Plug-ins

Wordfence
WP Doctor Malware scanner Pro: Malware scanner and security plugin
Anti-Malware Security and Brute-Force Firewall

We also recommend that you keep your plug-ins up-to-date and purchase the latest malware detection patterns if they are available for a fee.

Limitations of Online Malware Detection Sites

Online malware detection sites inspect only the resulting code that malware (tampering) generates, so unlike WordPress plug-ins that perform an internal inspection, they often cannot detect the tampered files themselves.
For this reason, their accuracy and number of detections are much lower. We recommend that you use not only an online scanner, but also a malware scanning plug-in that uses the internal scanning method described above.

Typical online malware scanning sites
Sucuri Site Check
WP Doctor Online Malware Scanner
Quttera Web Malware Scanner

We hope you find this information useful.
