The CleanTalk Malware Scanner for WordPress

 

The Malware Scanner (short for Malicious Software Scanner) is a feature of the CleanTalk Security Plugin.

It will check all of your website files and shows you what files were changed, deleted or added. It could be used to find a code of viruses, worms, Trojans, ransomware, spyware, adware, scareware and other malicious programs.

 

Please, follow this guide to install the CleanTalk Security Plugin to be able to use the Malware Scanner: https://cleantalk.org/help/install-wordpress-security

 

After the Security Plugin installation, go to the WordPress Admin Page —> Settings —> Security by CleanTalk —> "Malware Scanner" tab —> Perform Scan.

Security Malware scanner

 

Give the Scanner some time to check all necessary files on your website.

Upon finishing the scan you will see the results in 6 different categories:

  • Unknown: Unknown executable files spotted in the system. These files don't come with WordPress by default. It could be anything.
  • Modified: Modified executable files of the system.
  • Suspicious: Modified executable files of the system with suspicious function names. WordPress does NOT use such functions.
  • Dangerous: Modified executable files of the system with dangerous functions that could harm your website.
  • Critical: Modified executable files of the system with very dangerous functions — 99,5% that this is malware!
  • Outbound links: Shows you the list of outgoing links from your website and websites on which they linking to.

Each category will contain the list of files, if any, that require your attention. Click the category name to open it.

Additional categories:

  • Approved: approved files by user. Click the button "Approve" below the name of the file to approve it.
  • Qurantined: Quarantined files. by user. Click the button "Quarantine it" below the name of the file to place it in quarantine.

You can find more information about quarantine here.

 

If you don’t know what to do with any of these files you can send them to us for analysis by clicking Send for Analysis button.

You can find more information about Files Analysis Interface here.

 

To see results of scanning in your CleanTalk Dashboard, click the blue button "Security Control Panel" —> Log —> Malware Scans Log. Or follow the link: "View all scan results for this website"

Malware scan results

 

On your Malware Scans Log page you will see the list of all scans that were performed for your website.

  • If the scanner found something then the column "Result" will be showing FAILED line.
  • If the scanner didn't find any new, deleted or changed files then the column "Result" will be showing PASSED line.

Click "Details" button to see what files were found.

Malware scans log

 

The CleanTalk Cloud saves the list of the found files for you to know where to look them for.

Malware scan details

 

 

Outbound Links Scanner

 

This option allows you to know the number of outgoing links in your website and website addresses they are leading to. All websites will be checked through the CleanTalk Database and you will see the results if they were used as links in spam messages.

To enable this option, please, do the following:

  1. Go to your WordPress Administrator Panel —> Settings —> Security by CleanTalk.
  2. Go to the tab "General Settings".
  3. Enable the option "Scan links" and click the button "Save Changes".

 

 

Heuristic Check

 

This option allows you to check plugins and themes files with heuristic analysis. Probably it will find more than you expect.

The core files are files that go with WordPress archive. Any other PHP files in WordPress directory (except /wp-content/) are unknown and should be properly scanned. Even if we found something in these files they will also be shown in the "Unknown" category so that you would be aware that they came from third-parties.

Every file in /wp-content/* will be checked heuristically. This check could find many interesting stuff. If you see there are too many finds, don't panic, it shows you only possible weak spots.

Heuristic analyses the code by simplifying it and looking for suspicious functions and constructs that are usually used by hackers. For example eval construct [ http://php.net/manual/en/function.eval.php ] and many other suspicious stuff.

To enable this option, please, do the following:

  • Go to your WordPress Administrator Panel —> Settings —> Security by CleanTalk.
  • Go to the tab "General Settings".
  • Enable the option "Heuristic analysis" and click the button "Save Changes".

 

Scanning For SQL Injections

 

What is an SQL injection?

This is an attack on database that gives access to the intruder to perform some actions that were not planned by the script creator.

SQL injection is one of the most accessible ways to hack a website. Using it, hackers "read" the content of any tables, delete, modify or add information to the database, overwrite the content of local files and give commands to execute arbitrary actions. In other words, they completely intercept the management of the attacked site. The essence of such injections is introduction of arbitrary SQL code into data (transmitted via GET, POST requests or Cookie values). If a website is vulnerable and performs such injections, then in fact there is an opportunity to create anything from the database (most often it's MySQL).

The CleanTalk Malware Scanner allows you to find such code of SQL injections. It is the problem that the scanner solves. 

This option is a part of Web application FireWall feature.

You can find more information about Web application FireWall here.

 

Security Dashboard button

 

 


Perhaps it would also be interesting