Recognizing a WordPress virus

Recognizing a WordPress virus
datum-geschreven 7 Nov 2023

A WordPress virus is not a familiar term to most people. However, this term is used to refer to unwanted files on the server.

Definition of the word Virus: an infection, a self-replicating bacterium in the computer world, referring to unwanted files within a system.

In other words, you have an “infection,” and there are files on your server that do not belong there. You are dealing with a virus as these files will spread once they find their way onto the server.

To determine if your server/website is infected with a WordPress virus, it is important to distinguish between the three types of files.

Explanation of Different Files on the Server

  1. Regular WordPress files that belong there.
  2. Regular files that are infected/injected with malicious code.
  3. New files created by the virus or at the beginning of the virus.

How to Recognize Virus Files on the Server

Note: You will need FTP access to the server using an external FTP program.

  1. Virus files are often created later and have modified or created dates different from all other files.
    afwijkende wijzigingsdatum
  2. These files are often encoded with Base64 and Eval to avoid detection by the server.
    gecodeerde code wordpress virus
  3. The names of the files differ from the original WordPress files (e.g., Core.php – deleteme.php – test.php – inc.php).
    afwijkende namen wordpress bestanden
  4. The codes supporting the virus are all concatenated together without proper formatting.
    code zonder opmaak
  5. With a good server antivirus, they are labeled as suspected.php.
    verdachte bestanden

Preventing a WordPress Virus from Infecting Your Server

As the old saying goes, prevention is better than cure, and this is certainly applicable in this case.

There are two factors to consider:

  • The hosting provider responsible for updates (Note: with a VPS, you need to do this yourself).
  • The antivirus you use for WordPress.

The hosting provider will always hold you responsible for what happens to your WordPress website and how it affects the server. Therefore, ensure your WordPress is up-to-date and secure.

If You Already Have a WordPress Virus

If you are reading this article because there is already a virus on your WordPress (and hence on the server), you can use the five points described above to make the server virus-free. However, this is not easy and requires a lot of knowledge of code, WordPress, server files, and file permissions.

WPbeveiligen works full-time to secure WordPress websites and, when it’s already too late, restore them.

De meeste artikelen worden geschreven door Mathieu Scholtes, de eigenaar van WPBeveiligen. Op de hoogte blijven van het laatste WordPress nieuws? WordPress tips? WordPress aanbiedingen?
Connect dan op Linked-in!

Heb je een vraag? Tip of gedachte? Deel die!

Breng me op de hoogte
0 Reacties
Inline Feedbacks
Bekijk alle reacties