Custom Solution for Malware Detection?

I know there are tonnes of plugins that secure your site, but I’m interested in whether anyone has ever implemented a custom solution?

I got a ClamAV server running on a host and connected successfully to it to scan files programmatically, but unfortunately, Clam’s default database can’t detect malicious code in PHP. I found a few PHP signature packs, but they were all pretty expensive per month.

Anyone ever done something similar, or is simply comparing checksums on everything the best way to go?
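An added example, not code from this thread or from the baseapp scanner linked further down, of the two approaches the question raises: a checksum baseline that flags added and modified PHP files, and a few byte-pattern indicators for the "malicious code in PHP" that ClamAV's stock database misses, emitted both as an in-process check and as a ClamAV .ndb file (one line per signature in the form Name:TargetType:Offset:HexSignature, where target type 0 and offset * mean "any file, anywhere") that clamscan -d or clamd will load. The signature names, the PHP_INDICATORS set and the constructed site tree in demo() are assumptions for illustration, not a real signature pack:

```python
"""Added example (not from the thread or any project in it): a small
integrity-plus-signature scanner for a PHP tree, and a generator for
ClamAV .ndb signatures built from the same indicator strings."""
import hashlib
import json
import tempfile
from pathlib import Path

# Constructed indicator set. The names are hypothetical; the byte strings are
# common webshell idioms. ClamAV matches raw bytes, so an obfuscated variant
# (eval(\x62ase64_decode, strings built by concatenation) needs its own entry.
PHP_INDICATORS = {
    "Webshell.PHP.EvalBase64": b"eval(base64_decode(",
    "Webshell.PHP.EvalGzinflate": b"eval(gzinflate(",
    "Webshell.PHP.ShellExecRequest": b"shell_exec($_",
    "Webshell.PHP.AssertRequest": b"assert($_",
}


def ndb_signature(name: str, pattern: bytes) -> str:
    """One ClamAV .ndb line: Name:TargetType:Offset:HexSignature.
    TargetType 0 = any file type, offset * = match anywhere in the file."""
    return f"{name}:0:*:{pattern.hex()}"


def write_ndb(path: Path, indicators: dict) -> int:
    """Write every indicator as an .ndb file (load with: clamscan -d <path> <dir>)."""
    lines = [ndb_signature(n, p) for n, p in indicators.items()]
    path.write_text("\n".join(lines) + "\n")
    return len(lines)


def scan_bytes(data: bytes, indicators: dict = PHP_INDICATORS) -> list:
    """Plain substring match, the same semantics as the .ndb lines above."""
    return sorted(name for name, pat in indicators.items() if pat in data)


def hash_tree(root: Path) -> dict:
    """Map relative path -> sha256 for every .php file under root."""
    digests = {}
    for p in sorted(root.rglob("*.php")):
        digests[str(p.relative_to(root))] = hashlib.sha256(p.read_bytes()).hexdigest()
    return digests


def diff_baseline(baseline: dict, current: dict) -> dict:
    """Classify changes between a stored hash map and a fresh one."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
    }


def demo() -> dict:
    """Build a constructed site tree, snapshot it, tamper with it, rescan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "wp-content" / "plugins").mkdir(parents=True)
        (root / "index.php").write_bytes(b"<?php require 'wp-blog-header.php';\n")
        (root / "wp-content" / "plugins" / "a.php").write_bytes(b"<?php echo 'ok';\n")
        baseline = hash_tree(root)
        (root / "baseline.json").write_text(json.dumps(baseline))  # in practice: store off-box

        # Simulated compromise: backdoor appended to a plugin file, dropper added
        with (root / "wp-content" / "plugins" / "a.php").open("ab") as f:
            f.write(b"\n<?php eval(base64_decode($_POST['c']));\n")
        (root / "wp-content" / "uploads.php").write_bytes(b"<?php shell_exec($_GET['cmd']);\n")

        stored = json.loads((root / "baseline.json").read_text())
        changes = diff_baseline(stored, hash_tree(root))
        # Only files that changed since the baseline get the (slower) content check
        hits = {}
        for rel in changes["added"] + changes["modified"]:
            found = scan_bytes((root / rel).read_bytes())
            if found:
                hits[rel] = found
        nsigs = write_ndb(root / "custom.ndb", PHP_INDICATORS)
        return {"changes": changes, "hits": hits, "signatures": nsigs}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The caveat is that both halves are byte-level. A baseline only tells you what changed, not whether the change is malicious, and it has to be regenerated after every legitimate core, plugin or theme update or it turns into noise; substring indicators catch textbook webshells but not the same call assembled from string concatenation or chr(), so the indicator list grows into exactly the signature database the replies describe as expensive to maintain.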

The problem is that it’s more than just making sure files haven’t changed and that uploads are clean. There are systems and software in your site, plugins, themes, server, etc., that can all make you susceptible to a breach.

If your SSH or FTP are misconfigured or insecure, and you’re only directory scanning or checking for malware signatures, you’re not watching all of the possibilities.

Beyond that, there is penetration testing, code testing, and management on plugin updates that people just don’t do regularly. Teams at Wordfence and other companies employ security professionals to audit code, updates, novel vulnerabilities, etc., and deliver fixes outside the main plugin branches that might seem secure but could be vulnerable.

If you have a small site with few plugins and audit all updates, something like what you described can be a good layer of security. But if you’re looking to automate a “security system” for multiple sites, this approach may miss a lot.

Security is tricky, and without a dedicated team and budget, I would recommend relying on established solutions. At best, your system might add a small layer of security. At worst, you could open up additional attack vectors.

We did something similar with a command-line tool we built for scanning hundreds of client sites per server:

https://github.com/baseapp/wordpress-malware-scanner

It allowed us to include custom signatures and rules from other malware scanners that charge per-site licenses. But over time, we realized that prevention is better than cure when it comes to reducing infections.

Why custom? There are dozens of plugins and server software that work perfectly fine.

Emlyn said:
Why custom? There are dozens of plugins and server software that work perfectly fine.

Because I want to…

Emlyn said:
Why custom? There are dozens of plugins and server software that work perfectly fine.

You’re kinda in the wrong sub to ask that question. Sure, custom solutions aren’t always the easiest, but I can see why you’d want to build your own.

However, when it comes to security, I’d be cautious. A customized solution may not be sustainable in the long run unless you have the resources to maintain it. Security is a tricky thing to get right, especially when there are reliable, battle-tested solutions out there.

@oliviamartin
I’m not necessarily looking to code everything from scratch. I’m more interested in a low-level solution that automates scans across multiple sites using open-source tools. I found that Wordfence has a CLI tool, and that looks promising for integration.

Had a client disable Wordfence, and their site got hit with malware. I’m looking for something more system-level to prevent that.

@Diana
If a client got hit with malware that quickly, that sounds like a larger problem. You might need to look at more comprehensive security hardening beyond just scanning for malware.

@oliviamartin
Part of being a pro is knowing when not to reinvent the wheel. If it’s a core competency, sure, build it. If not, you’re better off using something already built and tested.

esleystanley said:
@oliviamartin
Part of being a pro is knowing when not to reinvent the wheel. If it’s a core competency, sure, build it. If not, you’re better off using something already built and tested.

I see where you’re coming from, but in my experience, relying on pre-built components can sometimes create more headaches down the line when they become outdated or unsupported. There are times when rolling your own solution makes more sense for long-term stability, though security is a case where third-party solutions often make more sense due to complexity.

It’s awesome that you’re thinking about a custom solution for malware detection! While using ClamAV is a solid start, I totally understand the limitations when it comes to PHP-based threats. Building a custom solution could work, but it can also be a bit overkill when there are specialized tools out there.

That said, custom solutions often come with unique challenges, like maintaining your own signature database or comparing checksums on files regularly, which can get resource-intensive. It might work for smaller sites, but scaling it could become tricky.

If you’re using Cloudways, they already have a built-in Malware Detection tool, which actively scans for malicious files and alerts you right in the dashboard. This could save you from having to manage everything manually, as Cloudways handles most of the heavy lifting on the server side. Plus, they have security hardening measures already in place, reducing the need to run extra scans yourself.