From time to time we do forensic investigations of WordPress break-ins. During these investigations we often find one or more backdoors placed in the filesystem, or legitimate WordPress-related files in wp-includes, themes or plugins that have been modified. This is not limited to WordPress; it applies to all sites running PHP, such as Drupal, Magento, etc.

Finding backdoors in the filesystem can be time-consuming, and checksum checking is not always possible. So I wanted to find out how good antivirus software is these days at finding PHP and WordPress backdoors.

In my personal GitHub Gist I have collected more than 10 different backdoors found in real break-ins and forensic investigations.

Test 1 – VirusTotal

The Google-owned VirusTotal.com service allows[…]