You\u2019ll also learn how to keep your sites protected from these kinds of issues going forward.<\/p>\n
Let’s not delay, the health of your sites is at stake!<\/p>\n
How To Detect and Resolve Suspicious Code and Files With Defender<\/h2>\n
First order of business…<\/strong> Detecting and removing suspicious files and code can only be done with the Pro version of Defender.<\/strong><\/p>\n You can get Defender Pro<\/a>, along with our suite of Pro WordPress plugins and site management tools for a low $3\/month.<\/strong> Which is incredible value, especially if you own or manage critical sites that are particularly susceptible to malware or attacks.<\/p>\n The first step is to enable the Suspicious Code<\/strong> setting via Malware Scanning > Settings.<\/strong><\/p>\n You also need to ensure that File Change Detection<\/strong> is enabled for both ‘Scan Core Files’ and ‘Scan Plugin Files.’ This will help reduce the occurrence of false positives in your scans.<\/p>\n Once you’ve enabled these settings, you’re ready to scan your site for malware.<\/p>\n To do this, go to Malware Scanning<\/strong> via the WordPress admin sidebar or from the main Defender dashboard.<\/p>\n Once here, you can initiate a new scan with a click.<\/p>\n Then sit back and let Defender work its magic. The scan should only take a few minutes, depending on the size of your site.<\/p>\n Once the scan is completed, you will be alerted to any issues found relating to file change detection, known vulnerabilities, and suspicious code.<\/p>\n Next, simply click on the Issues<\/strong> tab. Here you will find a list of all the potentially harmful files that have been compromised or changed in some way.<\/p>\n Click on any of the detected files to get more details about the issue and its exact location.<\/p>\n In the example below, the suspicious code has been detected inside of a WordPress plugin. Defender specifically points out the error and the file in which it was found.<\/p>\n Along with seeing important details like the plugin URL, location of the issue, date added, and developer, you have three options when it comes to addressing suspicious files or code.<\/p>\n You can either ignore<\/strong>, delete<\/strong>, or Safe Repair<\/strong> the file.<\/p>\n Caution:<\/strong> It\u2019s strongly recommended to ensure that something is harmless before choosing to delete and\/or ignore it. If you’re unsure or need advice, you can consult our 24\/7 WordPress experts.<\/a><\/em><\/p>\n It’s important to note there is a chance that reported issues or vulnerabilities could be false positives, meaning that legitimate code being flagged as suspicious due to its resemblance to malicious code.<\/p>\n This can happen for various reasons, such as a function being modified by a plugin or theme, or if something is directly modified in the file or theme editor.<\/p>\n Fortunately, Defender is designed to minimize the occurrence of false positives. However, malicious code often mimics legitimate code, making it almost impossible to avoid completely.<\/p>\n To help verify suspicious code, you can take a couple of steps:<\/p>\n We highly recommend you reach out to either the plugin developer or our expert support team for advice before deleting any files. You’ll also need to deactivate the plugin before you can delete the associated file.<\/p>\n Another great and risk-free option is to use Defender’s Safe Repair feature.<\/strong><\/p>\n Click Safe Repair<\/strong> to automatically quarantine the file for a defined amount of time that you specify (30 days – one year).<\/p>\n The advantage of this is it allows you to quickly repair your site and fix the issue instantly if it is the cause. The quarantine period also gives you ample time to properly investigate what happened.<\/p>\n Plus, if it turns out to be a false positive, you can easily restore the file. This saves you from accidentally deleting a critical file<\/a> and preventing further damage to your site.<\/p>\n Once you’re sure that deleting the file is safe and necessary, you can securely do so from within the Quarantined<\/strong> tab.<\/p>\n And that’s it!<\/strong><\/p>\n You’ve seen how easy and fast it is to identify and address suspicious files or code in the event of a hack or malware incident.<\/p>\n However, resolving critical issues promptly once they occur is one thing….<\/p>\n Preparing and protecting your sites against future attacks is another!<\/p>\n On that note, here are some ‘bonus tips’ to ensure your sites are well-prepared to deal with potential hacks or other issues should they reoccur.<\/p>\n Another useful Defender Pro feature is the ability to run automated site scans.<\/p>\n This not only saves you from running scans manually, but also ensures your sites are checked more frequently for security issues without any hassle.<\/p>\n Scheduling scans can be set up via Malware Scanning > Settings.<\/strong> From there, all you need to do is enable scheduled scanning and set the frequency, day of the week, and time of day for the scans to run.<\/p>\n After setting up automated scans, you should also set up notifications so that you can be alerted about scan results from wherever you are, saving you from having to manually check in.<\/p>\n Simply navigate to the Notifications<\/strong> section using the sidebar or from your main Defender dashboard.<\/p>\n Here you’ll find a number of different notification options to choose from.<\/p>\n In the case of detecting suspicious code, you would enable the Malware Scanning<\/strong> “Notification” and “Reporting” options.<\/p>\n Once selected, you can set up additional settings and configurations for each notification.<\/p>\n You also have the option to either add users directly or invite them via email.<\/p>\n Next, you can further configure notification settings to ensure you only receive notifications at appropriate times.<\/p>\n Additionally, you can set up custom email template messages for your clients to guarantee that the notifications they receive are to your liking and clear for the user.<\/p>\n As you can see, suspicious code is no match for Defender<\/a> and it really just takes no more than a few clicks to remove.<\/p>\n Beyond finding malicious code and the ability to delete it, Defender can stop SQL injections<\/a>, prevent hackers from exploiting WordPress vulnerabilities<\/a>, prevent PHP execution, and much more.<\/p>\n To discover more about WordPress security, check out our Ultimate Guide to WordPress Security<\/a>. And for more information on how Defender works, be sure to view the plugin\u2019s documentation<\/a>.<\/p>\n Don’t have the time or resources to address malware or hacks yourself? Try our Expert Services!<\/strong><\/p>\n We know that when a malware attack happens on a client site that you are managing, you may not have the time or resources to fix this yourself.<\/p>\n![\"A](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2024\/05\/enable-suspicious-code.png\")
![\"A](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2024\/05\/New-malware-scan.png\")
![\"A](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2024\/05\/scan-in-progress.png\")
<\/div>\n<\/div>\n![\"A](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2024\/05\/scan-complete-issues-found-1.png\")
![\"A](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2024\/05\/issues-detected-screen.png\")
![\"A](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2024\/05\/issue-details.png\")
\n
![\"A](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2024\/05\/Safe-repair-file-1.png\")
![\"A](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2024\/05\/delete-quarantined-file.png\")
BONUS TIPS: How To Configure Your Sites For Future Protection<\/h2>\n
Schedule Automated Site Scans<\/h3>\n
![\"A](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2024\/05\/set-scanning-schedule.png\")
Enable Notifications of Suspicious Activity<\/h3>\n
![\"A](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2024\/05\/Enable-configure-notifications.png\")
![\"A](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2024\/05\/notifications-users.png\")
<\/div>\n<\/div>\n<\/div>\n![\"A](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2024\/05\/Set-notifications-email-template.png\")
Finding and Deleting Suspicious Code Just Got Easier With Defender<\/h2>\n