What the WP Cerber scanner scans and detects
Cerber Security Scanner is a sophisticated and extremely powerful tool that thoroughly scans every folder and inspects every file on a website for traces of malware, trojans, backdoors, changed and new files. The scanner verifies the integrity of WordPress, plugins, and themes and prevents them from being infected with unforeseen malware.
We’ve spent a great deal of time studying malware, trojans and their patterns and algorithms. As a result, we’ve implemented a set of heuristic algorithms that effectively detect almost all known and unforeseen pieces of malware.
Scans and verifies all WordPress files
This scan checks whether all WordPress folders and files match what exists in the official WordPress core repository. A changed file usually means that your WordPress installation has been altered or infected by malware that has modified a file or a set of files. All changed files are listed and marked as Checksum mismatch. In this case, simply reinstall WordPress: go to the Dashboard / Updates admin page and click the Re-install now button.
Scans and verifies all installed plugins
As with the WordPress core file change detection above, the scanner compares your plugin files with what is in the official WordPress repository and alerts you to any changes. Cerber Security Scanner verifies the integrity of plugins that are installed from the official repository on wordpress.org as well as commercial plugins that are installed manually.
Scans and verifies all installed themes
As with the WordPress core file change detection above, the scanner compares your theme files with what is in the official WordPress repository and alerts you to any changes. Cerber Security Scanner verifies the integrity of themes that are installed from the official repository on wordpress.org as well as themes that are installed manually.
Detects not bundled, abandoned and unattended files
The scanner detects files in any WordPress, theme or plugin folder that are not a normal part of it. The scanner recognizes those files as “ownerless” or “not bundled” because they do not belong to any known part of the website and should not be there. In a scan report these files are marked as Unattended suspicious file.
Some developers do not follow the official guidelines that WordPress provides for theme and plugin developers, so you should make sure that a suspicious file is not a part of a poorly designed plugin or theme.
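The integrity and "not bundled" checks described in the sections above can be sketched as a comparison of a folder against a manifest of known-good checksums. This is an added example, not WP Cerber's code: SHA-256, the manifest layout, the "Missing file" label and the sample plugin tree are assumptions; the other two labels are the ones the scan report uses.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_tree(root: Path, manifest: dict) -> dict:
    """Compare files under root with manifest {relative path: sha256}."""
    report, seen = {}, set()
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        seen.add(rel)
        if rel not in manifest:
            report[rel] = "Unattended suspicious file"  # not part of the package
        elif sha256_of(path) != manifest[rel]:
            report[rel] = "Checksum mismatch"           # shipped file was altered
    for rel in sorted(set(manifest) - seen):
        report[rel] = "Missing file"                    # hypothetical label
    return report

def demo() -> dict:
    """Build a constructed plugin folder, tamper with it, and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "inc").mkdir()
        files = {"plugin.php": b"<?php // main\n",
                 "inc/util.php": b"<?php // util\n",
                 "readme.txt": b"docs\n"}
        for rel, data in files.items():
            (root / rel).write_bytes(data)
        manifest = {rel: sha256_of(root / rel) for rel in files}  # known-good state
        (root / "inc/util.php").write_bytes(b"<?php // util, altered\n")
        (root / "inc/cache.php").write_bytes(b"<?php // never shipped\n")
        (root / "readme.txt").unlink()
        return verify_tree(root, manifest)

if __name__ == "__main__":
    for rel, status in demo().items():
        print(f"{status}: {rel}")
```

An unlisted file is only a lead: as noted above, a plugin or theme that ignores the developer guidelines can create such files legitimately.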
Inspects file contents for suspicious code signatures
Our team maintains a list of malicious and suspicious code patterns (signatures) that are usually used in malware, trojans, viruses and backdoors. During a scan, the scanner inspects the contents of every file for presence of these patterns.
Scans installed plugins for known vulnerabilities
The scanner checks installed plugins for known vulnerabilities. If you have enabled scheduled automatic scans, you will be notified in an email report when a vulnerability in one of the installed plugins has been discovered.
Inspects any files as if they were executable
The scanner looks for malicious code that is hidden inside files that have non-executable extensions like PNG or JPG. This inspection is a part of Full Scan.
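A minimal sketch of inspecting a file by content rather than by extension, written for PNG only. This is an added example, not WP Cerber's code: the three checks (signature, data after the IEND chunk, a PHP open tag anywhere in the bytes) and the sample bytes are assumptions chosen for illustration.

```python
import re
import struct
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
PHP_TAG = re.compile(rb"<\?php\b", re.I)

def png_chunk(ctype: bytes, body: bytes) -> bytes:
    """Serialize one PNG chunk: length, type, body, CRC32."""
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def inspect_png(data: bytes) -> list:
    """Return a list of findings for a file that claims to be a PNG."""
    issues = []
    if not data.startswith(PNG_MAGIC):
        issues.append("PNG signature missing")
    else:
        pos, ended = len(PNG_MAGIC), False
        # Walk the chunk list; each chunk is 12 bytes of framing plus its body.
        while not ended and pos + 12 <= len(data):
            length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
            pos += 12 + length
            ended = ctype == b"IEND"
        if not ended:
            issues.append("no IEND chunk")
        elif pos < len(data):
            issues.append(f"{len(data) - pos} bytes after IEND")
    match = PHP_TAG.search(data)
    if match:
        issues.append(f"PHP open tag at offset {match.start()}")
    return issues

# Constructed samples: a valid 1x1 grayscale PNG and a harmless PHP marker.
CLEAN = (PNG_MAGIC
         + png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
         + png_chunk(b"IDAT", zlib.compress(b"\x00\x00"))
         + png_chunk(b"IEND", b""))
TRAILER = b"<?php /* constructed marker */ ?>"

if __name__ == "__main__":
    for name, blob in [("clean.png", CLEAN),
                       ("appended.png", CLEAN + TRAILER),
                       ("renamed.png", TRAILER)]:
        print(name, inspect_png(blob) or "ok")
```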
Inspects .htaccess files for malicious directives
The scanner looks for malicious and suspicious directives in .htaccess files, such as redirects to malicious or phishing websites and PHP configuration directives, which must not be in a normal .htaccess file on a normal WordPress-powered website. The scanner also verifies the integrity of a .htaccess file if it’s bundled with WordPress, with a theme or a plugin.
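To review a flagged .htaccess by hand, the two directive classes named above can be listed with a short script. This is an added example, not WP Cerber's rule set: the patterns, the site host example.com and the sample file are constructed, and a hit means "review this line", not "malicious".

```python
import re
from urllib.parse import urlparse

PHP_DIRECTIVE = re.compile(r"^(php_value|php_flag)\b", re.I)
REDIRECT = re.compile(r"^(RewriteRule|Redirect(Match|Permanent|Temp)?)\b", re.I)
URL = re.compile(r"https?://[^\s\"'\]]+", re.I)

def inspect_htaccess(text: str, site_host: str) -> list:
    """Return (line number, reason, line) for directives worth a manual look."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if PHP_DIRECTIVE.match(line):
            findings.append((lineno, "PHP configuration directive", line))
        elif REDIRECT.match(line):
            for url in URL.findall(line):
                host = (urlparse(url).hostname or "").lower()
                if "%{" in host:  # server variable such as %{HTTP_HOST}: same site
                    continue
                if host != site_host and not host.endswith("." + site_host):
                    findings.append((lineno, "external redirect to " + host, line))
                    break
    return findings

# Constructed sample for a site served from example.com.
SAMPLE = r"""# BEGIN WordPress
RewriteEngine On
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
RewriteRule ^index\.php$ - [L]
# END WordPress
php_value memory_limit 256M
RewriteRule ^(.*)$ http://redirect.example.net/landing [R=302,L]
Redirect 301 /old https://www.example.com/new
"""

if __name__ == "__main__":
    for lineno, reason, line in inspect_htaccess(SAMPLE, "example.com"):
        print(f"line {lineno}: {reason}: {line}")
```

The `php_value memory_limit` line in the sample is the kind of directive another plugin may add for a legitimate reason, so each finding still needs a decision by the site owner.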
Scans all folders for new and modified files
The scanner looks for new files and monitors changed files in all website folders including the system temporary folder, the temporary folder for uploaded files and the sessions folder.
Inspects temporary and session folders
The scanner scans those folders like other website folders. It’s crucial to monitor those folders because some malware can reside there.
Read more about the malware scanner:
How to use Cerber Security Scanner for WordPress
Automated recurring scans and email reporting for WordPress
Automatic cleanup of malware and file recovery
Cerber Security Scanner Settings explained
Troubleshooting malware scanner issues
Have any questions?
If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered on the community forum.
Majorie
Hi
I’ve just scanned my website and Cerber Security says that .htaccess has “Suspicious directives found”. How can I check which files are affected or suspicious in the .htaccess?
Thank you kindly.
Gregory
You have to inspect the file manually by clicking on its name on the scanner results page. It may be a redirection rule or an external IP address. Normally such directives should not be in the .htaccess but probably were added by another plugin for a legit reason. The plugin is unable to make the right decision and cure the .htaccess file in such a case so you need to do it manually.
JP
I did a scan and some plugins have a result stating “suspicious code found”. How do I get rid of such code?
Gregory
Click the “Resolve issue” link located next to the plugin name.