All security improvement functions are available free of charge, including 21 items (Login LockDown, Login captcha, Password reset captcha, Login log, Protect author information, Change login page URL, Prevent information leak about WordPress version, Protect important files, Protect server information, Prohibit display of Index list, Prohibit WPSCAN, Prohibit access from brute force attack IP to XMLRPC and wp-login, Inspect permission (write permission for files), Prohibit editing themes and plugins, Prohibit Pingback, Prohibit REST API, Prohibit Trace & Track, Prohibit comment posting via proxy, Comment form captcha, Prohibit comment posting by spambots, IP blocker , Include file protection, Upload folder protection, Block danger query) other than the above.
WordPress Doctor Malware Scanner & Security v1.9 or later scans files as well as databases for all patterns and detects and removes any malicious code.
There are two types of malware: those that parasitize PHP files and send backdoor programs, spam, redirects, etc., and those that write directly into the database.
The most common malware type for databases is redirection hack.
This test checks for the most dangerous vulnerabilities (CVSS V 7.5 points ~) in WordPress and plugins.
※The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes. Vulnerabilities are detected from the data in the database of NIST, an international organization.
WordPress Doctor - Malware Scanner & Security has a world’s first function that blocks hacking activities before infection to malware.
. Once hackers find fragility of a website, they will build-in a backdoor to tamper the website again even if the malware is removed. This function will block malware codes by catching them at the time they are sent, and log the hackers’ IPs.
＊You can activate this function by subscribing the latest malware patterns.
files a day can be checked with the high-speed scanner.
malware (tampering) patterns can be detected.
sites installed & trusted our plugin.
Auto scaning of malware scanner uses the auto-execution function of WordPress. This function is triggered only when there is an access to the website.
If there is no access in the scheduled time zone, execution of auto scaning may be delayed.
The execution time of malware scanning depends on the number of files. If there are a lot of files to be scanned, scanning may take several minutes at least, or more than 10 minutes to complete.
Scanning will be stopped, but the files are scanned properly and are recorded up to that point. Please restart scanning or wait until auto scaning is completed.
Due to using Jetpack single sign-on function or caching plugin together, cached login screen without captcha or login screen including old captcha (captcha is generated at every access to the login screen for security) may be displayed. In this case, please create a URL as follows and try to access.
http://URL of WordPress/Changed login URL?jetpack-sso-show-default-form=1
When a malware is found by scanning only with pattern matching, there is a possibility of misdetection. Please consider waiting until the code is reviewed.
Please note that the website has been tampered when some files are judged as malware as a result of definitive diagnosis of individual files.
Removal of malware requires technical knowledge. It is recommended to ask an expert, but pay attention especially to the following points when you manage it by yourself.
● If the malware is infesting the file originally consists WordPress, please delete only the tampered parts carefully.
● If the file is not a regular file of WordPress, the entire file can be deleted without any problem.
However, if the tampered file is read by another tampered file, deletion of the tampered file may cause errors to the caller and may lead to malfunction such as undisplayable website. In that case, investigation of the caller and deletion of its tampering are required.
Please feel free to send us your opinions, feedback, and questions.