Dealing with the Results

Depending on the results you get, you need to deal with any failed integrity checks and any files flagged as potential malware.

The plugin can’t make any changes to your website files based on these results! The results are presented to help you see potential changes to the website, but you need to take action yourself to fix the problems found.

Integrity Scanner Results

These results cover failed integrity checks: modified files, and files and directories found where they should not be, based on the checksum files. It is important to understand that if a checksum file exists for the WordPress Core or an installed plugin, coreSecurity Pro will treat that checksum file as absolute confirmation of the expected files and their checksums. Anything found outside of that is considered added and not really part of the plugin or core.

  • If WordPress Core files are modified, the best course of action is to reinstall the current WordPress version (files only), either through the WordPress Update panel or manually.
  • If plugin files are modified, the best course of action is again to reinstall the affected plugins. Reinstalling plugin files doesn’t affect plugin data in the database.

When it comes to the website and WordPress root directory, some plugins may add files or directories that have a legitimate use. Also, some hosting companies are known to add directories to the website root.

For any extra files or directories found in the website root, there is no clear recommendation on what you should do. If they are found, make sure to investigate their purpose before deciding to delete them. Do not remove any files or directories, unless you are sure what is going to happen after they are deleted.
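
As an added illustration (not coreSecurity Pro's own code), the following Python example performs the comparison described in this section: the checksum manifest is treated as the full list of expected files, and every file is reported as modified, missing or added. The manifest format (relative path mapped to a SHA-256 hex digest), the function names and the sample directory are assumptions constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path


def file_sha256(path):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def compare_to_manifest(root, manifest):
    """Classify files under root against a manifest {relative path: sha256}.
    The manifest is treated as the complete expected file list, so any file
    on disk that it does not name is reported as added."""
    on_disk = {p.relative_to(root).as_posix(): p
               for p in root.rglob("*") if p.is_file()}
    report = {"modified": [], "missing": [], "added": sorted(set(on_disk) - set(manifest))}
    for rel in sorted(manifest):
        if rel not in on_disk:
            report["missing"].append(rel)
        elif file_sha256(on_disk[rel]) != manifest[rel].lower():
            report["modified"].append(rel)
    return report


def demo():
    """Check a constructed plugin directory against a manifest built from it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "inc").mkdir()
        for rel in ("plugin.php", "inc/core.php", "readme.txt"):
            (root / rel).write_bytes(f"original {rel}\n".encode())
        manifest = {p.relative_to(root).as_posix(): file_sha256(p)
                    for p in root.rglob("*") if p.is_file()}
        # Produce the three outcomes: a changed, a deleted and an extra file.
        (root / "plugin.php").write_bytes(b"changed\n")
        (root / "readme.txt").unlink()
        (root / "inc" / "cache.php").write_bytes(b"not in manifest\n")
        return compare_to_manifest(root, manifest)


if __name__ == "__main__":
    for status, paths in demo().items():
        print(f"{status}: {paths}")
```

Files in the "added" list are the ones that need investigation before any deletion, since the manifest alone cannot tell a legitimate extra file from an unwanted one.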

Malware Scanner Results

Interpreting malware results is not always exact. If files are marked as Critical or Major, that is usually a clear indication that malware has been found. For Minor and Low score results, it is more likely that the results are false positives.

  • If coreSecurity Pro detects malware, make sure to read the provided information, and understand that these results might be false positives.
  • Any malware detected in WordPress core files should be taken seriously. From experience, the current detection patterns do not produce false positives in WordPress files, so if something is actually found in the website root directory, in wp-admin or in wp-includes, your website is infected.
  • Any malware detected outside of plugins and themes should be investigated, because there should be no PHP files outside of these locations that can trigger detection patterns. It is possible, depending on the plugins you use or your hosting, that additional PHP files are added outside the plugins or themes directories.

Automated malware scanning is not an exact process, and results always need to be checked and confirmed by security experts. Taking action without understanding the results is not advisable!

Can the plugin remove the malware?

No.

Files infected by malware can’t be cleaned without human involvement. Code can be used to detect malware based on established patterns, but removing the malware requires understanding and reasoning that are way beyond the power of any current software.

  • If one file is infected by malware, chances are that more files are infected too. If you remove the malware from one file only, it is highly likely that the file will soon be reinfected, because the malware/virus signature is stored elsewhere, and malware usually has good replication methods that attempt to stay hidden and, if found out, to replicate itself back into place.
  • Replacing an infected file with a clean file can lead to reinfection, if the malware replication is hidden elsewhere, or to the website failing to load, because some other infected file depends on the malware in the file that was restored.
  • Usually, you need to understand how the malware actually works, what was infected first, and how the infection spread. If you don’t know all that, replacing files is not going to help.
  • The infection has to be removed from all the infected files at once, to prevent reinfection on the next website load.
  • The malware scanner can give false positive results, and it takes a human who understands the code to determine whether a file is actually infected or not.