PHP files and Malware on wordpress sites

I'm activating the prevent PHP execution feature on all my defender installs. My question is, does most malware that effects wordpress sites come in the form of PHP files?

  • Rupok
    • Support Ninja

    Hi cornelius_butler,

    Thanks for asking. As WordPress is written on PHP, most malwares that effects WordPress sites come in the form of PHP files. But that doesn't mean malwares on other languages can't harm your site. When someone runs a WordPress site, usually he runs his server on Apache or nginx. And by default, apache and nginx doesn't support parsing other language like ASP. So ASP malwares can't do much in apace or nginx servers. Same goes for many other languages. But there are other languages through which malwares can attach which languages are supported by apache or nginx. For example, JavaScript. As apache and nginx parse JavaScript, JS malwares can also attack your WordPress sites. But the scope of running PHP files is usually higher than running JavaScript files in a WordPress server.

    So we can't conclude that obviously most malwares are PHP files, but PHP has higher probability to be infected with malwares if your site is not secured. At the same time, other language files are also highly vulnerable to malware attacks.

    Please let us know if you have any confusion or any further query. We will be glad to help.

    Have a nice day. Cheers!

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.