Wordfence Security security plugin scans WordPress sites for malicious code

Scanning and troubleshootingWordPressThird-party plugins/tools for malicious code (trojans/backdoors).

Chen WeiliangRecommended UseWordPress plugin- Wordfence Security security protection plug-in.

• It is a WordPress security plugin based on firewall and malicious code scanning.
• It's built and maintained by a large team, 100% focused on WordPress security.

Wordfence Security plugin download

Although there is a paid module, we can use the free module "Scan" to scan our WordPress site for PHP files with "malicious code".

Although there is a certain false positive rate:

• Mainly due to false positives of some paid plugins and theme encryption components.
• However, finding "malicious code" with Wordfence Security is definitely an effective method.
• Frequent opening of Wordfence Security plugin is not recommended.
• Because of its firewall and security protection, it will cause a certain burden on the database, which will affect the overall performance of the website.

Typically, when you need to enable a plugin, run a scan "Scan" check.

When done, close the plugin and keep it for future use.

Why do I get the "Incomplete installation of Wordfence" prompt?

Because other similar security plug-ins are installed, there is a "conflict" caused, just disable other security plug-ins.

What should I do if the Wordfence plug-in cannot be successfully launched after disabling other security plug-ins?

You can try the SSH command to restart the following services ▼

systemctl restart httpd
systemctl restart nginx
systemctl restart mariadb
systemctl restart memcached

Test results, the Wordfence plug-in was successfully started.

How to set up Wordfence?

Usually, you can follow the default settings of the Wordfence plugin.

How to set up Wordfence plugin scan?

Click Scan → Scan Options and Schedules → Basic Scan Type Options ▼

• Recommended settings for "Standard Scan":Our recommendations for all websites.Provides the best detection capabilities in the industry.
• Choose to set high sensitivity only if your website is hacked:For site owners who think they may have been hacked.More thorough, but may produce false positives.

What should I do if there is an error in Wordfence scanning?

If you use the Wordfence plugin to scan, the following error message appears:

Wordfence scanning servers: cURL error 28: Connection timed out after 10000 milliseconds

Setting method to solve Wordfence scan error:

Step 1: In Wordfence → "Tools" → "Diagnostics" → "Debugging Options":
Try enabling or disabling "Start all scans remotely (try this if your scans are not started and your site is publicly accessible)"

Step 2:Restart the Apache service ▼

systemctl restart httpd

After restarting the Apache service, it usually resolves"Wordfence scanning servers: cURL error 28: Connection timed out after 10000 milliseconds" is wrong.

What should I do if the Wordfence scan fails?

What should I do if the Wordfence plug-in suddenly fails to scan and pauses during the scan process, and the following scan failure prompt appears?

The current scan appears to have failed.Its last status update was 8mins ago.You can continue to wait for it to resume or stop and restart the scan.Some sites may need tuning to run scans reliably.Click here for steps you can try.

Or the following scan failure message:

The current scan appears to have failed.Its last status update is 5 minutes Before.You can continue to wait for it to resume or stop and restart the scan.Some sites may need tuning to run scans reliably. Click here for steps you can try.

Solution:

1. Click "Cancel Scan";
2. Try restarting the Wordfence plugin;
3. once againJust try a security scan.

Wordfence Plugin Notes

Notes on using the Wordfence Security Plugin:

• To ensure a stable scan, it is best to disable all other plugins (only Wordfence security plugins are enabled) before starting "Scan".
• Since Wordfence Security Plugin scans can cause peak server CPU load, it is recommended to scan in the early morning or when site traffic is at a minimum.
• We only use Wordfence Security's "scan" rule for malicious code, so pay attention to the path of suspicious php files prompted in the scan results, so that it is easy to manually backup and then clean and delete.

Chen WeiliangThis blog tutorial mentioned, WordPress theme malicious code analysis ▼

What is the malicious code of WordPress theme?Website malicious code analysis

Almost 90% are caused by "malicious code". More than 80% of WordPress sites are plugins that bring malicious code into website accounts (there are official website plugins, online streaming plugins, etc.).The other is that the theme (cracked version, pirated theme) is "malicious code" or "after...

3rd Party Tools Find Trojan Backdoors

In fact, there is another native tool that is the best way to find malicious code in PHP files - Microsoft's MSE.

• We can download the server-side PHP files locally, so Microsoft's MSE scanning detection can also find "malicious code", "Trojan horse", and "backdoor".
• This is not only more powerful than China's domestic "360 Security Guard", "Tencent Computer Manager" and "Kingshan Drug Tyrant".
• We have many third-party tools to choose from, please choose according to your own situation.

The WordPress ecosystem is truly the best:

• The existence of security plugins like Wordfence Security, can solve the problem of WordPress malicious code.

Conclusion

At last,Chen WeiliangIt will be emphasized again:

1. WordPress' rich set of plugins and themes is also a "double-edged sword".
2. Everyone has to be careful when choosing and using plugins and themes.
3. Because the main factor of WordPress insecurity is plugins and themes, which are not officially controlled by WordPress.
4. It's submitted by a third-party developer after all.
5. It is recommended to keep using the Wordfence security plugin permanently.
6. For planning to operate a websiteInternet marketingPeople, it is recommended to buy genuine WordPress plugins and themes.
7. Because pirated, free versions may hide the danger of "malicious code".