22 Mar, 2018

Quttera WordPress Malware Scanner: 400K Installations and Counting

A few days ago, the download counter of the WordPress Malware Scanner plugin passed 400K installations--and with good reason. This incredible plugin has a number of key advantages that have helped many of our customers build their websites and create the amazing online communities they've hoped for.

We have been happy to provide the Malware Scanner for free to the WordPress community throughout its lifetime. It helps monitor malware and blacklisting to create safer websites for both owners and users.

Quttera's WordPress Malware Scanner started its life during the WordPress 3.2 update. Today, it's still being updated to keep up with the latest changes. In fact, the malware scanner updates twice per week in order to keep up with the nearly one million new pieces of malware created every day.
In 2017, experts estimated that a new malware variant was born around every 4-5 seconds. A conventional approach to online threat detection simply can't keep up with the pace. That's why we're continuously updating our patented algorithms to sharpen our heuristic web malware detection engine and self-learning threat analysis modules.
The Technology
Quttera’s WordPress Malware Scanner utilizes heuristic malware scanning technology that adapts to the changing needs of its users and discovers potential problems before programmers become aware of them. This plugin is designed for scanning WordPress setups both internally – to keep track of inside-out malware – and externally – to track outside-in infections. The two facets help cover the full landscape of malware infection, providing website owners with full scanning information so that they’re better able to protect their sensitive data and their users.
Why are both internal and external scans required?
The WordPress Content Management System (CMS) developed in a PHP (PHP originally stood for Personal Home Page) language. Every web browser request of a WordPress page invokes PHP interpreter which executes this PHP code and generates HTML output. Internal scanning dissects WordPress PHP source files and detects malware infection at the source files level.
By contrast, the external scan checks website content simulating web browser behavior. Through this method, it detects malware infection injected during generation or creation of the accessed web page.
The External Scan and How It Works
During the external scan, Quttera WordPress Malware Scanner connects with one of our servers and requests to perform an HTTP-based malware scan of the provided website. The malware scanning process runs on our infrastructure, which means that it does not require any resources from the investigated WordPress setup. The external scan emulates web browser behavior, crawling the provided website page by page. This external portion of the malware scanner enables detection of the following malware:

  • Third-party malicious JavaScript
  • Reference to malicious or blacklisted web resources
  • Hidden malicious iframes
  • Hidden spam or SEO injection
  • Obfuscated malicious JavaScript code
  • Malicious JavaScript code injection
  • Blacklisting check
  • Drive-by-download infection
  • Malicious redirection to third-party resources
The Internal Scan and How It Works
The internal WordPress Malware Scanner performs a malware scan similar to antivirus software. It investigates WordPress setup files (PHP, JS, and more) directly on the hosting server. The internal scanner traverses WordPress directories and scans all source files using patented Quttera algorithms combined with a threat intelligence database. Our malware detection database updates daily with the new infected code collected from the malware cleanups of the websites and servers by ThreatSign (website security experts).
  • Generic PHP malware
  • Remote PHP shells
  • PHP backdoors
  • PHP mailers and spammers
  • Obfuscated PHP code
  • Malicious JavaScript code injection
  • Malicious redirection to third-party resources
Heuristic Malware Scan Accuracy and Local Whitelisting
Both internal and external scanners utilize heuristic scan engines. This sets Quttera technology apart and makes it a powerful tool for detecting malware. However, it may also produce false positives that leads individuals to believe that there is an infection where, in fact, there is none.

Most of the released web malware is in the form of text files which can be then easily modified to overcome detection. Thus, a deterministic scanner engine for web malware detection will be able to cover only a minimal set of known malware samples. Keeping this in mind, we developed this plugin with a different concept: that it is better to whitelist false positive detection than to miss zero-day infection and end up with the website being blacklisted by search engine authorities, which damages the business brand and exposes sensitive data to hackers.

To provide both the power to use heuristics and to minimize the false-positives, we have developed a user interface that allows the user to whitelist specific files, excluding them from the investigation report. This will enable users to manually exclude files that they know they've created or which they know are supposed to be part of their WordPress site while still highlighting any files that could potentially present problems to both website users and creators.
Why the Quttera WordPress Malware Scanner?
In order to protect your growth online and gain new visitors and customers, it is extremely critical to keep your website protected and clean from malware. Quttera WordPress Malware Scanner is a free WordPress security plugin that provides you with the powerful heuristic scanning capabilities to detect malware infection. That means you’ll catch any problems before your business suffers from a range of problems. These include:
  • Website blacklisting
  • Removal from search engine results
  • Blocking from web hosting
  • Ransomware locks your file system
  • All the other severe damage that comes from cyber attacks
We are always happy to listen to our users. Input helps us enhance our malware scanner features to deliver all the required tools to help WordPress administrators keep their sites malware-free. If you're struggling with malware on your website or there are problems that we aren't seeing, contact us as soon as possible. That way we can start making the necessary changes to our processes.
We would like to thank all our customers who have been continuously using Quttera's WordPress Malware Scanner. We wouldn't have made it to 400K downloads without you! If you need professional assistance in removing malware and blacklisting from your website, we're here to help. Get a dedicated malware analyst assigned to check your system and harden your security settings for the benefit of your site visitors and your business. Just head over to the ThreatSign Website Antimalware plans page and check out our products and services. If you're not sure which plan to select, contact us and let us help you to choose the best cybersecurity protection for your business.