After Defender failed to detect a backdoor file buried deep in a plugin subfolder, I contacted support to understand why.
I've been told that Defender only scans the core files.
It seems like a major flaw to me, since most of the malware I've seen so far was found in /wp-content/ more or less deeply hidden anywhere in subfolders.
So, for example, why not store checksums for ALL the files and compare the changes daily? This could trigger a warning with all the files that were modified/added.
I think that's how iThemes Security works, and even if it's not perfect, it does the job quite well (that's what allowed me to spot the backdoor on this website).
Any thoughts on this?
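
One way to implement the checksum baseline and daily comparison suggested above, as an added example that is not part of the original post and is not Defender's or iThemes Security's code. The function names, the JSON baseline format and the baseline file location are assumptions.

```python
import hashlib
import json
import os


def snapshot(root):
    """Map every file under root (any depth) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            h = hashlib.sha256()
            try:
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        h.update(chunk)
            except OSError:
                continue  # unreadable file: skipped here, worth logging in practice
            digests[os.path.relpath(path, root)] = h.hexdigest()
    return digests


def compare(baseline, current):
    """Return the files added, modified and removed since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "modified": sorted(p for p in current
                           if p in baseline and current[p] != baseline[p]),
        "removed": sorted(set(baseline) - set(current)),
    }


def check(root, baseline_file):
    """Compare root with the stored baseline, then store the new snapshot.

    Assumption: baseline_file lives outside the web root and is not writable
    by the web server user, so a backdoor cannot rewrite its own checksum.
    """
    current = snapshot(root)
    try:
        with open(baseline_file) as fh:
            baseline = json.load(fh)
    except FileNotFoundError:
        baseline = None  # first run: nothing to compare against yet
    with open(baseline_file, "w") as fh:
        json.dump(current, fh)
    return None if baseline is None else compare(baseline, current)


if __name__ == "__main__":
    import sys
    print(json.dumps(check(sys.argv[1], sys.argv[2]), indent=2))
```

Run daily from cron with the WordPress directory and the baseline path as arguments; legitimate plugin updates will also appear in the report and need to be reviewed against the update history.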