Sucuri for WordPress: Remote Malware Scan Updated on August 20, 2021 by InMotion Hosting Contributor 2 Minutes, 29 Seconds to Read The Sucuri Security plugin offers a Remote Malware Scan tool you can use to protect and clean your WordPress site. For the best performance, this should be part of your site before you have an issue. Do keep in mind this only monitors the Core WordPress files. This means that malware hiding in your plugins, themes, or media uploads are not part of the scan. If your reading this and don’t have a security plugin already as part of your site, add one now. In this guide, we’ll go over what you’ll see and how to use the Sucuri Security plugin for WordPress. Sucuri Security Tool in WordPressCore WordPress Files Were Modified Sucuri Remote Malware Scan OptionsGoing Forward This article assumes you have the Sucuri for WordPress plugin installed already. Sucuri Security Tool in WordPress After you have installed the plugin you will see a new section in the Dashboard called Sucuri Security. This is where you can access the Remote Malware Scan Tools. Core WordPress Files Were Modified If you see the above image on your screen, it’s not time to panic. There are a few things that could cause false positives. If your site is several years old, it’s likely that WordPress has upgraded itself many times. Over the years WordPress has changed its core files. Every so often, files are not erased during an upgrade. Common files that are not deleted: wp-includes/css/dist/editor/editor-styles-rtl.csswp-includes/css/dist/editor/editor-styles-rtl.min.csswp-includes/css/dist/editor/editor-styles.csswp-includes/css/dist/editor/editor-styles.min.css Sucuri will also find files that you may not want to remove. The main ones would include: .user.ini — This file is from cPanel when you make changes to the site via MultiPHP INI Editor.phpinfo.php — This file will tell you the settings that PHP is using in your current directory. Useful for troubleshooting issues with WordPress. As described later, the Sucuri plugin can delete the files by itself. If you get reports of files other than the ones above you may wish to ask your developer if it’s a false negative or not. Sucuri Remote Malware Scan Options While it may be tempting to erase everything that it finds, this can cause issues with your site not loading at all. To fix the issue you have the following options under Action: Mark as Fixed (tells the system to ignore the file)Restore File (restores the file back to the original that WordPress says it should be)Delete File (erase the file, if the is not needed) If you want to delete files it will look like this: Click on the box that you “understand that this operation cannot be reverted“. Then click on Submit for it to process the files. Going Forward If you choose to use the Sucuri Plugin it should only be part of your security arsenal. It doesn’t replace making sure you update your site and plugins regularly. For the most secure WordPress site, you need secure hosting. That’s why InMotion Hosting crafted WordPress Hosting with rigorous server-side security - so you can spend less time hardening your hosting and more time creating your website. WordPress Hosting Plans Share this Article InMotion Hosting Contributor Content Writer InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals! More Articles by InMotion Hosting Related Articles How to Add Social Media Icons and Social Media Buttons to WordPress Using Stackable for WordPress W3 Total Cache – Guide to WordPress Caching Using Wordfence Login Security for 2FA Top Monitoring Plugins for WordPress How to Setup an Affiliate System in WordPress Google Web Stories Creates Beautiful Content for WordPress Websites WordPress comment spam prevention with Akismet How to Use WP 2FA for WordPress Using Twentig to Build Your WordPress Site
