A plug-in that checks (detects and confirms) WordPress site tampering, hijacking, hacking, malware, and virus infections.
WordPress Doctor malware scanner plugin is that checks and detects WordPress site codes from 3300patterns of malicious code (malware, virus, falsification, hacking damage) .
Malware patterns are constantly updated on our servers and can be detected with the latest pattern definitions.
WordPress Doctor: Malware scan is a plug-in that not only detects tampering, but also determines whether hackers embed malicious code .
Table of Contents
- A plug-in that checks (detects and confirms) WordPress site tampering, hijacking, hacking, malware, and virus infections.
- WordPress with top-class security features that prevent hacking
- Malware scanner plug-in overview
- Security improvements
- Remove or delete WordPress malware
- WordPress vulnerability testing
- Block hacker activity before tampering
- How to install and use the malware scanner plugin
- Can I switch the screen during scanning?
- Plug-in usage requirements
WordPress with top-class security features that prevent hacking
The plug-in has 26 easy-to-use WordPress security enhancement function that can be used free.
This is one of the most powerful security plug-ins that can also prevent hackers from entering and detect malware.
Malware scanner plug-in overview
Scan entire WordPress site files with latest malware definition patterns
WordPress Doctor’s cloud server stores the latest malware patterns that are increasing every day.
From this patterns this plugin scans WordPress files and investigates and detects files that have been tampered by hackers.
When WordPress is hijacked, you can check the location of the file and where it has been tampered with.
Pattern match, definitive diagnosis
the test results are displayed in two stages as a pattern match(Programatically search files for malware code) and definitive diagnosis(If the detected location has already been identified as an malware code by a specialist).
Detection position highlighting
Auto scan, email notification
The WordPress Doctor Malware Scanner has a powerful site security enhancement feature that you can use for free.
Also, this function can be easily set by anyone just by checking.
Blocks login for 10 minutes after 3 repeated login failures. This function can reduce the risk of hacker incursion by a brute-force attack on the login display.
Password reset captcha
Displays captcha on the password reset display to prevent hacking that utilizes fragility of mail transmission program on the display.
Change login page URL
Prevents hackers from accessing the login page by changing the login page URL.
Login log function
You can save up to one month of logins with administrator privileges to check for unauthorized logins.
Prevent leakage of WordPress version (This plug-in only original function)
Hackers try to find out WordPress version to utilize the fragility. Hides the information by disabling meta generator output and query (numeric variable of the version which is given to CSS or JS read into HTML).
Protect important files
Prevents any access to htaccess and wp-config.php
Protect server information
Prevents any access to readme.html, license.txt and wp-config-sample.php which consist WordPress or plugins and may contain version or server information. Also restricts server signature which outputs server information.
Prohibit display of Index list
Disables display of file list when accessing a directory which does not contain any index file, such as Index.html.
WPSCAN is a fragility checker for WordPress which is used by many hackers for a pre-survey. Hides version information or block certain IP for a while when the IP tried to access specified file, to disable WPSCAN.
Ban brute-force attack IP to XMLRPC and wp-login
Disables accessing for 3 hours of the IP which tried to access XMLRPC or wp-login for more than 50 times in 10 minutes. Since this function detects only excessive access, it can be used with Jetpack and also reduces the load of the website by preventing brute-force attack.
Permission (write permission of files)
Prohibit editing of themes and plugins
Disables editing of themes and plugins from the administration display.
Protect author information
Prevents WordPress from outputting user information based on accesses from a particular query, such as /?author=1.
Disables Pingback; notification function of WordPress, which has a risk of being utilized for high-intensity attack with multiple accesses or of information leak about username, etc.
Prohibit REST API
REST API is loaded into WordPress 4.7 or later which enables outside posting, information aquisition, modification and addition of posts, etc. However, it has great fragility in some versions and may be subjected to other misuse in future.
Its function is utilized in some famous plugins such as Jetpack and ContactForm7, therefore disables all Jetpack and ContactForm7 functions except REST API.
If enables its function while using REST API in other plugins, some kind of malfunction may occur.
Prohibit Trace & Track
Prevents attacks utilizing Trace & Track function of the server (unique processing method of requests sent to the server) such as HTTP trace attack (XST) and cross site scripting (XSS).
Include file protection, Block danger query
Protect direct access to include php files in wp-include folder and other. Block danger queries that contains script tag or GLOBAL or mysql queries.
Prohibit comment posting via proxy
Prohibits comment posting via proxy by judging from header information unique for the proxy users.
Comment form captcha
Prevents automatic comment posting by adding captcha to the comment form. It may not be displayed in particular themes which display customized comment form.
Prohibit comment posting by spambots
Spambot is a program which posts comments automatically and does not have any referrer. Prevents comment posting by spambots by disabling posting from viewers who have no referrers.
Block any IP
Remove or delete WordPress malware
In addition to the malware detection, you can remove and delete detected malware and viruses from the WordPress management screen.
* When removing malware, please be sure to check the “Notes on removing malware” displayed on the plug-in screen.
WordPress vulnerability testing
The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity.
CSVV 7.5 points or more are vulnerabilities that enable extremely dangerous activities on the site that can be used to rewrite the database or tamper with the file without authentication outside the site.
These vulnerabilities may be the entrance to repeated site tampering.
Block hacker activity before tampering
Hackers exploit PHP functions using backdoors and vulnerabilities to send malicious code remotely.
This is a feature that allows hackers to monitor and prevent activities before sending malware to the site for tampering. If you use this function, you can detect and block immediately before tampering.
Blocked hacking activity is recorded with the hacker’s IP, so it is possible to completely block hackers using this IP.
* You can use this function by subscribing to the latest malware patterns.
How to install and use the malware scanner plugin
Once the malware scan ZIP file has been downloaded, save it and click on Plugins> Add New> Upload Plugin from the WordPress administration screen.
Select the ZIP file downloaded and click Install Now to activate the plugin.
* It can also be installed by unzipping the downloaded ZIP file and uploading it to the wp-content / plugins / folder with FTP software.
2 Scan for malware
The following settings can be made from the “Settings” tab.
● Automatic scan and automatic scan start time (may be executed multiple times from the start time until all files are scanned)
● E-mail notification when detect malware (e-mail notification is not performed by default)
● Display alerts at the time of detection on the dashboard of the management screen
Auto scaning does not start at the scheduled time.
Auto scaning of malware scanner uses the auto-execution function of WordPress. This function is triggered only when there is an access to the website.
If there is no access in the scheduled time zone, execution of auto scaning may be delayed.
SCANNING TAKES TOO MUCH TIME.
The execution time of malware scanning depends on the number of files. If there are a lot of files to be scanned, scanning may take several minutes at least, or more than 10 minutes to complete.
Can I switch the screen during scanning?
Scanning will be stopped, but the files are scanned properly and are recorded up to that point. Please restart scanning or wait until auto scaning is completed.
Login captcha is not displayed, or captcha value is not accepted.
Due to using Jetpack single sign-on function or caching plugin together, cached login screen without captcha or login screen including old captcha (captcha is generated at every access to the login screen for security) may be displayed. In this case, please create a URL as follows and try to access.
http://URL of WordPress/Changed login URL?jetpack-sso-show-default-form=1
If you have changed wp-login.php and login URL with a caching plugin, it is recommended not to cache the changed URL.
What if malware is detected?
When a malware is found by scanning only with pattern matching, there is a possibility of misdetection. Please consider waiting until the code is reviewed.
Please note that the website has been tampered when some files are judged as malware as a result of definitive diagnosis of individual files.
Removal of malware requires technical knowledge. It is recommended to ask an expert, but pay attention especially to the following points when you manage it by yourself.
● If the malware is infesting the file originally consists WordPress, please delete only the tampered parts carefully.
● If the file is not a regular file of WordPress, the entire file can be deleted without any problem.
However, if the tampered file is read by another tampered file, deletion of the tampered file may cause errors to the caller and may lead to malfunction such as undisplayable website. In that case, investigation of the caller and deletion of its tampering are required.
Plug-in usage requirements
WordPress version: 4.3 or higher (4.5 or higher recommended)
PHP version: 5.3 or higher
Disclaimer: We do not guarantee the accuracy of the result of WordPress Doctor: Malware Scan Plugin. In addition, we are not responsible for any damage to users, other indirect servers, any items, or data by using this tool. In order to scan the malware found by us after installation, you need to subscribe the malware definition. Please use WordPress Doctor: Malware Scan Plugin with kind understanding and acknowledgement that it acquires a part of inspection data for the purpose of accuracy improvement.