Yikes! Are WordPress Malware Scanners Worthless?

We take a look at iThemes' write-up on the state of malware scanners and what we can do to improve security.

Security is scary at times, isn’t it? A few months ago we went through Patchstack’s State of the WordPress Security report and discussed where the WordPress community stood in terms of security. We covered what we were all succeeding at and what we could do better. Dan Knauss of iThemes continued with a dive into the malware scanners many in the community use in his write-up, “Why WordPress Malware Scanners Are Worthless.”

What’s going on with our Malware Scanners?

Knauss draws on new research from Snicco, WeWatchYourWebsite, GridPane, and Patchstack, which suggests that WordPress malware scanners are fundamentally flawed. According to the research, scanners operating as plugins in a compromised environment are at best cleanup tools, not a robust line of defense. He also explains in depth how both local and remote malware scanners can be easily outsmarted and rendered ineffective, with their functionality tampered with by the malware.

Is there anything we can do?

If you are paranoid about security in all aspects of life, as I usually am, fear not, because there are things we can do to make ourselves a little safer. With regard to malware scanners that make us vulnerable, Knauss advises shifting focus from detection to prevention, emphasizing strong user login security, careful user management, and vigilance in version management. This echoes what cybersecurity experts have wanted us to understand for a long time: there is no one way to secure your information on the web. Several walls of protection are needed as malware, hackers, and other bugs evolve, and we must evolve with them. You can read Knauss’ full article here on the history of malware scanners, and what we can do now to make sure we are safely protected.


Nyasha is the Editorial Director at MasterWP and a software developer at Howard Development & Consulting, the company behind WP Wallet.
