WordPress Core File infected not picked up on scan

Hi I have just resolved an issue where the vulnerability was not picked up by Defender.

Please see this link here https://blog.sucuri.net/2016/01/jquery-pastebin-replacement.html

I replaced all the files in wp-includes/js/jquery with an older backup and this resolved the issue but for some reason the changed files did not show that they had been modified at all. I don't know why but they definitely had been because as soon as I overwrote them with the original files the site went back to normal. I have resolved this but want to know if you can build anything into defender to pick up any changes to these files, regardless of whether the system shows it has been modified or not.

  • Adam Czajczyk
    • Support Gorilla

    Hi Denise Field

    I hope you’re well today and thank you for your question!

    I’m not sure if I understand that correctly so let’s make sure first that we’re on the same site, ok? If I’m following you right, the case was:

    – you noticed that the site has been infected (some unexpected behavior)

    – you have identified that the files in “/wp-includes/js/jquery” were infected with the code as described in the linked article

    – Defender wasn’t showing those files, not detecting them as infected but you confirmed that they were indeed changed

    Is that, more or less, correct? If I’m missing something, let me know please.

    Also, do you have scheduled scans enabled in Defender and/or did you run file scan after you started to think that site might be infected? I’m asking because Defender doesn’t detect changes “in real time” – so it will only detect them if the scan is run on schedule or manually.

    Let me know, please.

    Kind regards,


Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.