Documentation

Security in WordPress: The first AntiVirus plugin for WordPress

World’s first anti-virus plugin for WordPress protects persistent and efficient against malware on the blog. With daily check.

WordPress is nothing but a piece of software – very common software. Unfortunately, “software” is also known to have gaps and holes or to be infected with viruses and worms. The topic is unpleasant and can have fatal consequences. Afterwards you are always smarter. AntiVirus for WordPress monitors the blog in a live mode.

Features

Why AntiVirus for WordPress? There are a few reasons for this:

  • … considers Google Safe Browsing warnings.
  • … increases the security of the blog and warns against infected malware.
  • … doesn’t cost money.
  • … doesn’t affect the execution times of the blog in the least.
  • … informs if you want about a potential infection by e-mail.
  • … can be executed manually by clicking or automated.
  • … doesn’t send any data or information into the internet.
  • … let set you code passages output to a positive list.

Functionality

Injections, exploits, viruses, malware, hacks – a common denominator: Sneaky infiltrated code. And this code has only one job: to be executed!

By using sophisticated techniques, every imaginable possibility is used to make the implanted code, the executed activity and the results unrecognizable – the trickbox of the attackers are groundless and manifold. As a blogger, it is extraordinarily difficult: If you are unintentionally a victim of an attack, you do not always recognize the serious infection and the nasty exploitation of the blog promptly.

Barely a blog operator inspects the source code of pages at regular intervals, in order to localize possibly automatically inserted and not infrequently hinded links to erotic and casino pages. Even the templates on the FTP server are rarely or ever been subjected to an optical monitoring – if a file is infected by the virus, the modification by third parties would only be noticed a while later, if at all.

In summary: injected pest hide themselves and their work. As a result, they act undetected and undisturbed over a longer period of time. Thereby causing enormous damage.

Early warning system for WordPress

Well, the tragedy is described and understood: the damage would be enormous, if there is no immediately reaction after the attack. But how to become active, if a blog operator does not notice the infection – finally, the action does not announce itself? The first AntiVirus plug-in for WordPress makes a great and essential help with this problem: AntiVirus for WordPress checks relevant template files for possibly injected code. Optionally manual or automatic in the background.

After activating the AntiVirus for WordPress you can use the functionality of the plugin. The checkbox available under Settings switches automatic control sequences on or off: The templates of the WordPress theme used are scanned once a day for malicious sections. If suspicious code found, the administrator of the blog receives a notification via e-mail. Alternatively, any e-mail address can be left.

Settings page for automatic check in AntiVirus for WordPress

Manual Scan

The manually initiated scan reads all the theme files immediately and evaluates the contents at the same time. The result is a list of files that have been checked. In the output, colors play a significant but self-explanatory role: green means “file without indication”, red signals a warning – the suspect is highlighted yellow in the middle of the line.

If you are sure that a line is definitely not a threat, it can be muted by clicking on “Dismiss”. When the next (automatic or manual) check is executed, this location in the code will be skipped.

Manual scan of WordPress theme files

Checksum Verification

Since version 1.4.0, the plugin has integrated the functionality of Checksum Verifier (a discontinued plugin which performed the same checks). This feature will match all WordPress core files against a list of well-known checksums. If any file’s checksum does not match, this indicates that a core file was manipulated (or is corrupt for other reasons) and a corresponding warning will be generated.

Google Safe Browsing

Since version 1.3.4, the plugin has a valuable opportunity to access the data of Google Safe Browsing. Once Google thinks the website has been infected and is a threat, the AntiVirus plugin will notice it and notify the blog administrator by e-mail. The email contains a link to the Google Safe Browsing Diagnostics page with more information.

This feature requires a custom API key that can be created free of charge in most cases. Please refer to Google’s API key documentation if you are unsure how to create one.

Technical details

The AntiVirus plugin searches active templates for blocks that can indicate a virus initiated via code injection. Typically, there are commands for encoding, evaluating and executing string as a PHP code. Values from the option fields of the database are also used and will be analyzed.

Hints

  • Because numerous theme developers hide their copyright notices in the encoded text block, it can possibly be that such hide-outs are declared by the AntiVirus for WordPress plugin as an infection. This is not an error in the functionality of the plugin.
  • In general: The tool has the unique task of analyzing files and pointing to suspicious code lines. The report therefore does not necessarily have to be part of an existing worm or virus (see also the previous point). The probability varies depending on the complexity and scope of the theme used.
  • The AntiVirus plugin is free of charge and freely accessible. The source code of the extension can be viewed and evaluated by everyone, the malicious code can be adapted accordingly – the enemy could hears or reads it, too.
  • No code fragments are deleted or transferred to the virtual quarantine. The suspicious code line is displayed after the test procedure and the position is visually highlighted.
  • No guarantee for completeness, updating and examination thoroughness is assumed.

The fact that professional and passionate (further) development of a plugin is associated with (time) effort is needless to say and should be clear to every user.

Would you like to promote the development of AntiVirus?

Thanks!