The CleanTalk Malware Scanner for WordPress

 

 
 
 
 
 

The Malware Scanner (short for Malicious Software Scanner) is a feature of the CleanTalk Security Plugin.

The Malware Scanner checks all of your website files and shows you the files that were changed, deleted, or added. It can be used to find the code of viruses, worms, trojans, ransomware, spyware, adware, scareware, and other malicious programs.

 

Please follow this guide to install the CleanTalk Security Plugin to be able to use the Malware Scanner: https://cleantalk.org/help/install-wordpress-security

 

After installing the Security Plugin, go to the WordPress Admin Page → Settings → Security by CleanTalk → the "Malware Scanner" tab → click the "Perform Scan" button.


Upon finishing the scan you will see the results in 6 different categories:

  • Critical: Modified executable files of the system with very dangerous functions — a 99.5% chance that this is malware!
  • Unknown: Unknown executable files spotted in the system. These files don't come with WordPress by default. It could be anything.
  • Suspicious: Modified executable files of the system with suspicious function names. WordPress does NOT use such functions.
  • Frontend Malware: Shows suspicious code on public pages of your site.
  • Outbound Links: Shows the number of outgoing links on your website and website addresses they lead to. This category will only appear if the "Scan links" option is enabled in the settings.

Each category will contain the list of files, if any, that require your attention. Click the category name to open it.

Additional categories:

  • Approved: Files approved by the user. Click the "Approve" button below the name of the file to approve it.
  • Analysis Log: List of files sent for the Cloud analysis.
  • Cure Log: The files that were automatically cured.
  • Unsafe Permissions: Permissions for the files and directories in this list are unsafe. We recommend changing them to 755 for each file and 644 for each directory from the list. You can find more information about it here.
  • Quarantined: Files quarantined by the user. Click the "Quarantine it" button below the name of the file to place it in quarantine.

You can find more information about quarantine here.

 

If you don’t know what to do with any of these files, you can send them to us for analysis by clicking the "Send for Analysis" button.

You can find more information about the Files Analysis Interface here.

 

To see the scan results in your CleanTalk Dashboard, click the blue "Security Dashboard" button → Log → Malware Scans Log.

Or simply follow the link: "View all scan results for this website".


 

On your Malware Scans Log page, you will see all scans performed for your website.

The WARNING status in the "Results" column means that some possible threats were found during the scan. Otherwise, you will see the NO THREATS status.

Click the "Show suspicious files" or the "Suspicious pages" link to see the scan results in more detail.


 

CleanTalk Cloud keeps a list of files it finds so you know where to look for them.


 

 

Outbound Links Scanner

 

This option shows you the number of outgoing links on your website and the website addresses they lead to. All linked websites are checked against the CleanTalk Database, and the results show whether they have been used as links in spam messages.

To enable this option, do the following:

  1. Go to your WordPress Administrator Panel → Settings → Security by CleanTalk.
  2. Go to the tab "General Settings".
  3. Enable the option "Scan links" and click the button "Save Changes".

 

 

Heuristic Check

 

This option allows you to check plugin and theme files with heuristic analysis. It will probably find more than you expect.

The core files are the files that come with the WordPress archive. Any other PHP files in the WordPress directory (except /wp-content/) are unknown and should be properly scanned. Even if something is found in these files, they are also shown in the "Unknown" category so that you are aware that they came from third parties.

Every file in /wp-content/* will be checked heuristically. This check can turn up many findings. If you see a lot of them, don't panic: it shows you only possible weak spots.

Heuristic analysis examines the code by simplifying it and looking for suspicious functions and constructs that are usually used by hackers, for example the eval construct [ https://www.php.net/manual/en/function.eval.php ] and many other suspicious constructs.
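A minimal sketch of the "simplify, then look for suspicious constructs" approach described above. It is an added example, not CleanTalk's implementation; the watch-list beyond eval, the function names, and the PHP sample are assumptions constructed for illustration.

```python
import re

# Assumed watch-list for illustration; the page itself names only eval.
WATCHED = ("eval", "assert", "create_function", "base64_decode", "gzinflate", "str_rot13")
NAMES = "|".join(WATCHED)

LIT = r"'(?:\\.|[^'\\])*'|\"(?:\\.|[^\"\\])*\""        # one PHP string literal
TOKEN = re.compile(
    rf"(?P<comment>/\*.*?\*/|//[^\n]*|#[^\n]*)"         # block and line comments
    rf"|(?P<run>(?:{LIT})(?:\s*\.\s*(?:{LIT}))*)",      # literals joined with '.'
    re.S)

def simplify(src):
    """Return (code without comments and with literals blanked, folded strings)."""
    strings = []
    def repl(match):
        if match.group("run") is None:                  # a comment: drop it
            return " "
        # Fold 'base64' . '_decode' into one value so split names are visible.
        parts = re.findall(LIT, match.group("run"), re.S)
        strings.append("".join(p[1:-1] for p in parts))
        return '""'
    code = TOKEN.sub(repl, src)
    return re.sub(r"\s+", " ", code).strip(), strings

def scan(src):
    """List (name, kind) findings: direct calls and watched names kept in strings."""
    code, strings = simplify(src)
    findings = {(m.group(1).lower(), "call")
                for m in re.finditer(rf"(?<![\w$>:])({NAMES})\s*\(", code, re.I)}
    findings |= {(s.lower(), "name-in-string") for s in strings if s.lower() in WATCHED}
    return sorted(findings)

# Constructed sample: one real call hidden behind a comment, one name built
# from pieces, and two harmless mentions (a comment and an echoed string).
SAMPLE = r"""<?php
// loader: eval() is only mentioned in this comment
$f = 'base64' . '_decode';
$out = eval/* hidden */ (base64_decode($data));
echo "this string mentions eval(x) but never calls it";
$parts = explode('.', $version);
"""

if __name__ == "__main__":
    for name, kind in scan(SAMPLE):
        print(kind, name)
```

A finding here marks a file for review, not a confirmed infection: legitimate plugins also call functions such as base64_decode.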

To enable this option, do the following:

  • Go to your WordPress Administrator Panel → Settings → Security by CleanTalk.
  • Go to the tab "General Settings".
  • Enable the option "Heuristic analysis" and click the button "Save Changes".

 

Scanning For SQL Injections

 

What is an SQL injection?

This is an attack on a database that lets an intruder perform actions that the script's author did not intend.

SQL injection is one of the most accessible ways to hack a website. Using it, hackers "read" the content of any tables, delete, modify or add information to the database, overwrite the content of local files, and give commands to execute arbitrary actions. In other words, they completely take over the management of the attacked site.

The essence of such injections is the introduction of arbitrary SQL code into data (transmitted via GET or POST requests or Cookie values). If a website is vulnerable and executes such injected code, an attacker can in effect do anything with the database (most often it's MySQL).

The CleanTalk Malware Scanner allows you to find such SQL injection code. This is the problem that the scanner solves.

This option is a part of the Web application FireWall feature.

You can find more information about the Web application FireWall here.

 

 
