Here are a few questions around our automatic malware detection and elimination that we wanted to answer in the blog.

I’ve gotten an email telling me you guys detected and removed malware from my site.  How did you do this?

WPE regularly performs threat detection and blocks pre-existing malware.  If we find something, we remove it immediately and notify you via email.  On occasion, we also find new malware has shown up.  This can happen to anyone on any hosting company, unfortunately.  We are always improving the security of our platform, but things will get through sometimes.

What is Malware?

Malware is usually code that was secretly written or injected into a site, and went unnoticed until our systems detected it.  This includes backdoor entry code that was added to an existing file, or that created a new PHP/WP file.  Sometimes we see malware injected into Javascript files within a WordPress theme (that’s why it’s important to not google blindly for “free WordPress themes”).

How do you detect malware?

We detect vulnerable page requests and reject them.  We also have an application that scans your .php, javascript, and .txt files for known malware code and matching strings. Usually these are php base64_decode and eval functions with ugly encrypted php code samples.  We focus on and highlight these samples to grow the knowledge base of known malicious code.

Our detection is very good, and once we’ve found something malicious, we have a systematized and effective process to isolate and remove it immediately.  And if something DID get through security, we guarantee the cleanup, AND you will receive a 5% refund for every hour of downtime that exceeds our SLA.  We’re incentivized to keep your site running smoothly.

 

Another way that we keep all our customer sites secure!

 


For the most updated information on WP Engine’s security policies, please see WP Engine’s Security Environment