{"id":218122,"date":"2023-09-12T00:25:40","date_gmt":"2023-09-12T00:25:40","guid":{"rendered":"https:\/\/wpmudev.com\/blog\/?p=218122"},"modified":"2023-09-12T00:25:40","modified_gmt":"2023-09-12T00:25:40","slug":"defender-safe-repair","status":"publish","type":"post","link":"https:\/\/wpmudev.com\/blog\/defender-safe-repair\/","title":{"rendered":"Prevent Accidental File Deletion and Site Downtime With New Defender Safe Repair"},"content":{"rendered":"<p>All new Safe Repair feature makes repairing and quarantining malicious files with Defender Pro smoother and safer than ever before for WordPress users!<\/p>\n<figure id=\"attachment_218845\" class=\"wp-caption aligncenter\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"size-ratio-full wp-image-218845\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2023\/09\/hub-quarantine-1050x852.png\" alt=\"The Hub: Defender - Quarantine Widget\" width=\"1050\" height=\"852\" \/><figcaption class=\"wp-caption-text\">View quarantined files using Defender&#8217;s Safe Repair feature from The Hub.<\/figcaption><\/figure>\n<p><a href=\"https:\/\/wordpress.org\/plugins\/defender-security\/\" rel=\"noopener\" target=\"_blank\">Defender<\/a>, WPMU DEV&#8217;s powerful WordPress security plugin, recently launched its<strong> all new version 4.1<\/strong>, which ensures maximum compatibility with the latest version of WordPress, and &#8212; <strong>more importantly for Pro users<\/strong> &#8212; is designed to streamline the process of repairing and quarantining modified files, suspicious files, and offer users a safer alternative to deleting files.<\/p>\n<p>In this post, we&#8217;ll focus on this new feature and cover the following areas:<\/p>\n<ul>\n<li><a href=\"#what-is-safe-repair\">What is Defender&#8217;s &#8220;Safe Repair&#8221; Feature?<\/a><\/li>\n<li><a href=\"#how-safe-repair-works\">How Does &#8220;Safe Repair&#8221; Work?<\/a>\n<ul>\n<li><a href=\"#suspicious-files\">Suspicious Files<\/a><\/li>\n<li><a href=\"#modified-files\">Modified Files<\/a><\/li>\n<li><a href=\"#repair-files\">Repairing Files<\/a><\/li>\n<li><a href=\"#quarantine-files\">Quarantined Files<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"#how-to-use-safe-repair\">How to Use Defender&#8217;s &#8220;Safe Repair&#8221; Feature<\/a><\/li>\n<li><a href=\"#restoring-quarantined-files\">Restoring Quarantined Files<\/a>\n<ul>\n<li><a href=\"#restoring-files-wp-admin\">Restoring Files Via The WordPress Admin<\/a><\/li>\n<li><a href=\"#restoring-files-hub\">Restoring Files Via The Hub<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Let&#8217;s jump right in&#8230;<\/p>\n<h2 id=\"what-is-safe-repair\">What is Defender&#8217;s Safe Repair Feature?<\/h2>\n<p>As a user-driven company, we listen to what our members and users want. Especially when it comes to addressing issues, as outlined in the comments below from our Defender plugin users:<\/p>\n<ul>\n<li><em>&#8220;I was running a malware scan with Defender Pro, and I think I accidentally deleted a file which I shouldn\u2019t have. Now the website is down with a critical error.&#8221;<\/em><\/li>\n<li><em>&#8220;Our website is currently down after removing two attached files that Defender Pro recommended removing.&#8221;<\/em><\/li>\n<li><em>&#8220;It would be wonderful if Defender Pro allowed us to quarantine a file in addition to the options of deleting a file or ignoring it.<\/em><br \/>\n<em>That way if the suspicious file breaks the site, it can be restored easily instead of having to restore the entire site from a backup.&#8221;<\/em><\/li>\n<\/ul>\n<p>Using the above feedback, our developers decided to improve our security plugin and add the following options to avoid serious issues and errors on users&#8217; WordPress sites:<\/p>\n<ol>\n<li>Repair and Quarantine\/backup <em>suspicious<\/em> files so these can be restored if necessary.<\/li>\n<li>Repair and Quarantine\/backup <em>modified<\/em> files so these can be restored if necessary.<\/li>\n<\/ol>\n<p>Defender Malware Scanning scans your entire site for suspicious code or modified files and published vulnerabilities in plugins, themes, and WordPress core.<\/p>\n<p>The new <strong>Safe Repair<\/strong> feature applies to reported suspicious and modified files, allowing these to\u00a0be quarantined, deleted, or replaced with the latest file copies from their official plugin repository.<\/p>\n<figure id=\"attachment_218187\" class=\"wp-caption aligncenter\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"size-ratio-full wp-image-218187\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2023\/07\/defender-vulnerability-detection-1050x355.png\" alt=\"Defender Pro - Plugin vulnerability message\" width=\"1050\" height=\"355\" \/><figcaption class=\"wp-caption-text\">Defender detects and warns users of plugin, theme, and core vulnerabilities. Note: the plugin shown in the above screenshot was modified for illustrative purposes.<\/figcaption><\/figure>\n<h2 id=\"how-safe-repair-works\">How Does Safe Repair Work?<\/h2>\n<p>As explained earlier, Defender Pro&#8217;s Safe Repair feature within the Malware scanning section is designed to streamline the process of quarantining files before repairing or deleting them, offering a safer alternative to outright suspicious or modified file deletion.<\/p>\n<p>Here&#8217;s how Defender Pro handles these requests from version 4.1 onward:<\/p>\n<h3 id=\"suspicious-files\">Suspicious Files<\/h3>\n<p>Defender flags PHP functions, code, and files when they vary from what is expected or when they match known issues.<\/p>\n<figure id=\"attachment_218766\" class=\"wp-caption aligncenter\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"size-ratio-full wp-image-218766\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2023\/09\/defender-suspicious-file-new-02-1050x1540.png\" alt=\"Defender- Suspicious file\" width=\"1050\" height=\"1540\" \/><figcaption class=\"wp-caption-text\">Defender detects and flags files with suspicious code.<\/figcaption><\/figure>\n<p>Once a flagged function or suspicious code has been verified as suspicious, Defender presents you with three actions: Ignore, Delete, or Safe Repair (note: you may need to deactivate the plugin for the \u2018Delete\u2019 option to become active).<\/p>\n<p>Prior to v4.0, deleting suspicious files would occasionally cause a plugin, theme, or even the entire website to break. Often, this is caused by code from the plugin or theme itself being flagged by Defender as being suspicious.<\/p>\n<p>The problem, however, appears when it&#8217;s a false positive, meaning that the flagged file isn&#8217;t malicious per se, but part of the plugin&#8217;s (or theme&#8217;s) core files and contains <em>risky<\/em> code added by the theme or plugin developer. Hence, deleting this file could cause errors on the site, break functionality, or even break the entire site.<\/p>\n<p>From Defender Pro v4.1 onward, users can now opt to repair and quarantine\/back up suspicious files for 30 days or more, instead of deleting the file right away. Files are stored under the new quarantine tab, allowing you to restore these if needed, including restoring files manually. This provides a fail-safe method to handle suspicious files and offers a restoration option if things go wrong or return false-positives.<\/p>\n<p><strong>Note:<\/strong> The Safe Repair option becomes available only if the suspicious code found differs from the plugin&#8217;s original code. Also, <strong>Safe Repair only works with WordPress.org <a href=\"https:\/\/wordpress.org\/plugins\/\" rel=\"noopener\" target=\"_blank\">plugins<\/a>\u00a0currently.<\/strong><\/p>\n<h3 id=\"modified-files\">Modified Files<\/h3>\n<p>If code in a plugin, theme, or WordPress core file doesn\u2019t match what is found in the official WordPress repository. Defender will flag the file as a <em>Modified<\/em> file. Restoring the original file fixes this issue.<\/p>\n<p>Earlier versions of Defender (and Defender Free plugin) feature a &#8220;Restore&#8221; button in the plugin&#8217;s Malware Scanning section, which fetches a fresh file from the WordPress repository and replaces the existing file in the server directory.<\/p>\n<figure id=\"attachment_218160\" class=\"wp-caption aligncenter\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-218160\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2023\/07\/defender-pre-v4.png\" alt=\"Defender Pre v4 - Restore files\" width=\"1000\" height=\"1151\" \/><figcaption class=\"wp-caption-text\">Earlier versions of Defender offer only the option to restore modified files with a fresh version of the file.<\/figcaption><\/figure>\n<p>However, when a file has been modified by an admin or site developer (e.g. by adding a custom code for a certain functionality), deleting or replacing the file with its original can result in the loss of custom code or functionality, and in some cases, lead to sites breaking.<\/p>\n<p>In Defender Pro, <em>Restore<\/em> is now <strong>Safe Repair<\/strong>. This new feature not only replaces the modified file with the original file from the WordPress repository, it also adds an option to quarantine the modified file before replacing it, allowing users to restore the file if required.<\/p>\n<figure id=\"attachment_218161\" class=\"wp-caption aligncenter\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-218161\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2023\/07\/defender-v4-safe-repair.png\" alt=\"Defender v4.0 - Safe Repair button\" width=\"994\" height=\"1153\" \/><figcaption class=\"wp-caption-text\">The new Safe Repair feature of Defender Pro allows users to restore replaced files.<\/figcaption><\/figure>\n<h3 id=\"repair-files\">Repairing Files<\/h3>\n<p>Repair is a handy feature to have when a file in the server directory gets modified for any reason. It smartly fetches a fresh file from the WordPress repository and swaps it with the current file in the server directory. (See below for more details on how to use this feature.)<\/p>\n<h3 id=\"quarantine-files\">Quarantined Files<\/h3>\n<p>Modified and\/or suspicious files on your server are quarantined and moved to a remote directory (<code>\/wp-content\/.defender-security-quarantine<\/code>), allowing you to restore the files if needed (explained in more detail further below).<\/p>\n<h2 id=\"how-to-use-safe-repair\">How to Use Defender&#8217;s Safe Repair Feature<\/h2>\n<p>To use the new Safe Repair feature, make sure you have installed <a href=\"https:\/\/wpmudev.com\/project\/wp-defender\/\" target=\"_blank\" rel=\"noopener\">Defender Pro<\/a> and that the plugin is running the latest version. If you are currently using our <a href=\"https:\/\/wordpress.org\/plugins\/defender-security\/\" rel=\"noopener\" target=\"_blank\">free Defender WordPress Security plugin<\/a>, consider upgrading to Pro by <a href=\"https:\/\/wpmudev.com\/pricing\/\" target=\"_blank\" rel=\"noopener\">becoming a WPMU DEV member<\/a>.<\/p>\n<p>Also, make sure that you have enabled the plugin&#8217;s settings as shown below for the Safe Repair feature to work.<\/p>\n<figure id=\"attachment_218169\" class=\"wp-caption aligncenter\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-218169\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2023\/07\/safe-repair-settings.png\" alt=\"Defender Settings\" width=\"610\" height=\"587\" \/><figcaption class=\"wp-caption-text\">The above settings must be enabled for Safe Repair to work.<\/figcaption><\/figure>\n<p>With Defender Pro v4.1 (minimum) installed and the above settings configured, run a fresh Malware Scan by going to <em>Defender &gt; Malware Scanning &gt; New Scan<\/em>&#8230;<\/p>\n<figure id=\"attachment_218152\" class=\"wp-caption aligncenter\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-218152 size-full\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2023\/07\/defender-malware-scan.png\" alt=\"Defender - Malware scan\" width=\"830\" height=\"600\" \/><figcaption class=\"wp-caption-text\">Run a malware scan in Defender.<\/figcaption><\/figure>\n<p>Once the scan is completed, check for modified or suspicious files.<\/p>\n<figure id=\"attachment_218164\" class=\"wp-caption aligncenter\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-218164 size-full\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2023\/07\/defender-malware-scan-results-01.png\" alt=\"Defender Malware Scan results\" width=\"1010\" height=\"483\" \/><figcaption class=\"wp-caption-text\">A malware scan showing modified files and suspicious code detected.<\/figcaption><\/figure>\n<p>Next, click on the <em>Malware Scanning &gt; Issues<\/em> tab.<\/p>\n<div class=\"cgrid-col cgrid-col-span-full\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-ratio-full wp-image-218155\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2023\/07\/malware-scan-safe-repair-1050x1240.png\" alt=\"Defender - Malware Scan Safe Repair\" width=\"1050\" height=\"1240\" \/><\/div>\n<p>Select a file and click on the <strong>Safe Repair<\/strong> button.<\/p>\n<p>You will be given the option to repair and\/or quarantine the selected file.<\/p>\n<figure id=\"attachment_218200\" class=\"wp-caption aligncenter\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-218200 size-full\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2023\/07\/defender-repair-file-modal-01.png\" alt=\"Defender Repair File feature\" width=\"610\" height=\"622\" \/><figcaption class=\"wp-caption-text\">We recommend quarantining files before repairing them.<\/figcaption><\/figure>\n<p>Note that by default, quarantined files will remain isolated for 30 days before being automatically deleted. You can configure quarantine duration in the Malware scanning settings if you want to change this default period.<\/p>\n<figure id=\"attachment_218166\" class=\"wp-caption aligncenter\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-218166\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2023\/07\/quarantine-settings.png\" alt=\"Defender Quarantine settings\" width=\"980\" height=\"434\" \/><figcaption class=\"wp-caption-text\">You can change the quarantine period in the Malware Scanning settings section.<\/figcaption><\/figure>\n<h2 id=\"restoring-quarantined-files\">Restoring Quarantined Files<\/h2>\n<p>You can restore quarantined files in one of two ways:<\/p>\n<ol>\n<li><strong>Via WordPress Admin<\/strong>: Go to <em>Defender &gt; Malware scanning &gt; Quarantined<\/em> section.<\/li>\n<li><strong>Via The Hub<\/strong>: Use the Quarantined Hub widget under the <em>Security<\/em> tab.<\/li>\n<\/ol>\n<h3 id=\"restoring-filesa-wp-admin\">Restoring Quarantined Files Via The WordPress Admin<\/h3>\n<p>Quarantined files are listed under the new quarantine tab.<\/p>\n<figure id=\"attachment_218201\" class=\"wp-caption aligncenter\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-218201\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2023\/08\/defender-quarantined-tab.png\" alt=\"Defender Quarantined section\" width=\"890\" height=\"316\" \/><figcaption class=\"wp-caption-text\">Defender stores all of your quarantined files in the Quarantined section.<\/figcaption><\/figure>\n<p>To restore quarantined files from your WordPress admin, log into your WordPress site, and go to <em>Defender Pro &gt; Malware Scanning &gt; Quarantined<\/em>.<\/p>\n<figure id=\"attachment_218194\" class=\"wp-caption aligncenter\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-218194 size-ratio-full\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2023\/07\/quarantined-new-01-1050x651.png\" alt=\"Defender Pro - Malware Scanning - Quarantined section\" width=\"1050\" height=\"651\" \/><figcaption class=\"wp-caption-text\">View all of your quarantined files in the Malware Scanning section.<\/figcaption><\/figure>\n<p>This section lets you go through your quarantined files and choose to either restore or permanently delete these.<\/p>\n<figure id=\"attachment_218174\" class=\"wp-caption aligncenter\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-218174\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2023\/07\/defender-quarantined-files-options.png\" alt=\"Defender Quarantined Fles - Options\" width=\"970\" height=\"822\" \/><figcaption class=\"wp-caption-text\">Restore or delete your quarantined files.<\/figcaption><\/figure>\n<p>Files can also be restored manually by downloading them from <code>\/wp-content\/.defender-security-quarantine<\/code>.<\/p>\n<h3 id=\"restoring-files-hub\">Restoring Quarantined Files Via The Hub<\/h3>\n<p>The Hub&#8217;s <em>Security tab<\/em> lists your most recent quarantined files (up to a maximum of 5 files) and provides the following options, depending on whether the website is running or not.<\/p>\n<ul>\n<li><em>If the website is up<\/em> &#8211; files can be restored from the Hub.<\/li>\n<li><em>If the website is down<\/em> &#8211; instructions will display on how to restore the quarantined file(s) manually using FTP\/SSH<\/li>\n<\/ul>\n<figure id=\"attachment_218211\" class=\"wp-caption aligncenter\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-218211\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2023\/08\/hub-quarantine-widget.png\" alt=\"The Hub - Quarantined Files widgets\" width=\"663\" height=\"297\" \/><figcaption class=\"wp-caption-text\">Monitor quarantined files in The Hub&#8217;s Security section.<\/figcaption><\/figure>\n<h2>Repair Files Safely Using Defender<\/h2>\n<p>Defender 4.1 now lets you apply a powerful combination of quarantining and repairing modified or suspicious file threats and isolating files instead of deleting these entirely, lessening the risk of breaking your site, as quarantined files can be restored if required.<\/p>\n<p>For full details on using the new Safe Repair feature and all of its options, see the <a href=\"https:\/\/wpmudev.com\/docs\/wpmu-dev-plugins\/defender\/#quarantine-malware-scanning\" target=\"_blank\" rel=\"noopener\">Defender plugin documentation<\/a> section.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>All new Safe Repair feature makes repairing and quarantining malicious files with Defender Pro smoother and safer than ever before for WordPress users! Defender, WPMU DEV&#8217;s powerful WordPress security plugin, recently launched its all new version 4.1, which ensures maximum compatibility with the latest version of WordPress, and &#8212; more importantly for Pro users &#8212; [&hellip;]<\/p>\n","protected":false},"author":774618,"featured_media":218123,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"blog_reading_time":"7","wds_primary_category":0,"wds_primary_tutorials_categories":0,"footnotes":""},"categories":[11260,11259],"tags":[],"tutorials_categories":[11231],"class_list":["post-218122","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-wpmu-dev-products","category-wpmudev-tutorials","tutorials_categories-defender-pro"],"_links":{"self":[{"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/posts\/218122","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/users\/774618"}],"replies":[{"embeddable":true,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/comments?post=218122"}],"version-history":[{"count":64,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/posts\/218122\/revisions"}],"predecessor-version":[{"id":218853,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/posts\/218122\/revisions\/218853"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/media\/218123"}],"wp:attachment":[{"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/media?parent=218122"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/categories?post=218122"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/tags?post=218122"},{"taxonomy":"tutorials_categories","embeddable":true,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/tutorials_categories?post=218122"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}