What can I do with the Malware Scanner results?

To run the Malware Scanner, please use this guide.

Start the scanner, and wait while the scanner checks all the necessary files on your site.

At the end of the scan, you can see the results in the following categories:

• Unknown – This category includes plugin and theme files that are not located in the WordPress directory. The danger of these files is low. However, we recommend checking such files, as they may contain unsafe functions (backdoors).
• Modified – this category includes executable files that have been modified. We recommend checking these changes.
• Suspicious, Dangerous – These categories include executable files that include suspicious functions that are not recommended for use by WordPress.
• Critical – files containing potentially dangerous PHP functions get into this category. The files may be safe because developers may use deprecated features in their theme or plugin code.

We recommend checking all found files. For example, you can download a plugin or theme that contains a found file and compare it with a file from your site. If the function found by the scanner is not present in the downloaded plugin file, then most likely your file is infected. If the found function is unknown to you, arouses suspicion, or you cannot check it yourself, then you can do the following:

1. Move the file to quarantine.

2. Send the file to us for analysis.

If you are sure that the found file is safe, click the "Approve" button below the file name to approve it. The approved file will be placed in the "Approved" category.

Frontend Scanner

The Frontend Scanner is designed to search for malware on the public part of the site. It can detect malware in 4 ways:

• Drive by Download – the unintentional download of malicious code to your computer or mobile device when you visit your website.
• Redirects – a vulnerability that allows an attacker to force users of your site to go to an untrusted external site.
• CSRF (Cross-Site Request Forgery) – an attack that forces authenticated users to send a request to the web application in which they are currently authenticated.
• Signatures – a file containing a data sequence used to identify an attack on a network, usually exploiting an operating system or application vulnerability.

As with detected files, the Frontend Scanner scan results are not necessarily malicious and should not be removed immediately. You can see the results of found links/scripts by clicking on the "View Bad Code" button.

If you need help checking Frontend Scanner scan results, please contact our technical support.