Help/security
security

Whole-site malware scanning and webshell detection

Updated July 1, 2026 1 views 0 found this helpful

PowerSEC's malware scanner reviews PHP-like executable files across your entire WordPress installation, including writable and non-standard directories — uploads, cache, backup folders, and security-plugin log folders — where attackers often hide malicious files.

Active webshell-family detection

Beyond known-malware signatures, PowerSEC actively detects several common webshell and backdoor techniques, such as:

  • Dangerous function names assembled from fragments or encoded strings and then called indirectly
  • Variable-function dispatch (calling a function whose name comes from a variable)
  • Tainted callbacks driven by request data
  • Eval/assert patterns fed from HTTP request headers
  • Reverse-shell connection shapes
  • Payloads that are decrypted or decompressed and then executed
  • Superglobals constructed or extracted dynamically to smuggle in attacker input

These run as deterministic scanner checks and contribute to your malware and webshell results.

Findings are for review — not automatic deletion

When PowerSEC reports a webshell or malware finding, the file should be reviewed carefully. A finding is a security signal, not an automatic deletion request.

PowerSEC does not automatically delete, quarantine, or remediate files from these detections. Site owners or authorized administrators stay in control of remediation decisions. A single flagged line is not proof of compromise on its own — context matters, and legitimate code can occasionally resemble these patterns.

Works best together

Malware scanning is strongest alongside file integrity monitoring, verified backups, prompt plugin and theme updates, and careful review of unexpected changes. For how PowerSEC labels findings, see "Understanding malware types found by PowerSEC".

Couldn't find what you're looking for?

Browse more articles or reach out to our support team.

Browse all articles Email support
Whole-site malware scanning and webshell detection — PowerSEC help | PowerSEC