New research from Snicco, WeWatchYourWebsite, Automattic-backed GridPane, and PatchStack reveals WordPress malware scanners that operate as plugins in a compromised environment are fundamentally flawed. Malware scanners are cleanup tools at best for already-compromised sites. They’re not a solid line of defense, and they’re being actively defeated by malware in the wild right now. Leave malware detection to a quality host. Focus your security policies on login authentication hardening, user management, proper delegation of privileges, and vigilant version management.
