[Defender] Defender needs to add Malware Scanning of the Database

One of my websites was hacked this week. The bot found a vulnerability in a search and replace plugin and had used that to insert javascript redirect code in most of pages and posts on the site.

Defender still said that the site was fine … but it wasn’t. I have had this same thing happen on a few old sites I have inherited that had a plugin or theme with a vulnerability. The hacking bots inject javascript into the site – Defender scans the php files, and says everything is fine.

I’m currently looking for alternative security plugins that will have a malware scan and database scan built-in. But it is annoying to pay for an alternative product when I’m already paying for WPMU which has Defender as part of the subscription.

Feature request is:

– Please add malware scan and database scan to Defender.

At a basic level it should identify javascript that has been saved in the WYSIWYG editor (with the ability for us to mark a specific line as safe, in case we have actually put it in there ourselves). A more advanced level would be determining whether the javascript was malicious (e.g. redirecting users to another site).

Another site I know of had SEO links injected into the site, which had inline CSS with a big negative margin-top and margin-left so that the links weren’t visible to users, but only to search engines. That type of thing could also be picked up in a database content scan.

Over the last year I have fixed about 10 WordPress sites that have had this type of hack. In previous years I’ve cleaned up sites that have had loads of files dumped onto the server. But the more recent wave of hacks seems to be focused on injecting content or javascript redirects into the post content. So would be great if Defender could help us identify when that happens.