
Understanding Monarx Malware Classifications

Written by Salvador Aguilar
Updated today

At Monarx, we categorize detections into three distinct classifications based on the nature of the file and its intent. This helps you determine the best course of action—whether to delete the file, clean it, or ignore it.


1. Malicious

Definition: These are files created with purely harmful intent. They have no legitimate function on a healthy website.

  • Nature: These are typically "stand-alone" files. They are not part of your original WordPress core, plugins, or themes.

  • Examples:

    • Web Shells: Tools that allow an attacker to execute commands on your server.

    • Mailers: Scripts designed to send massive amounts of spam from your domain.

    • Backdoors: Scripts that give hackers persistent access even after you change passwords.


2. Compromised (Injected)

Definition: A legitimate, "good" file that has been tampered with by an attacker who inserted malicious code into it.

  • Nature: This is a "hybrid" file. It might be a critical part of your website (like index.php or wp-config.php) that now contains a malicious snippet at the top or bottom.

  • Examples:

    • JavaScript Injections: Malicious code added to a theme file to redirect your visitors to a scam site.

    • Pharma Hacks: Code injected into a database or file to display spammy SEO links (e.g., "Cheap Meds").


3. PUA (Potentially Unwanted Application)

Definition: Software that may be unwanted or pose a security risk, but is not inherently "malicious" in the traditional sense.

  • Nature: These are often "gray-ware." They are frequently legitimate tools that provide high-level access to a server. While useful for developers, they are a major security liability if left on a production site because hackers love to use them.

  • Examples:

    • File Managers: Independent scripts (like elfinder) that allow file editing via a browser.

    • Database Admin Tools: Stand-alone scripts (like adminer.php) used to manage SQL databases.

    • Outdated/EoL Software: Old versions of software with known, unpatched vulnerabilities.
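As an added example (not Monarx's own code), the Python helper below shows how a site owner's triage script can map a scan finding onto these three classifications and the action each one implies: delete a stand-alone malicious file, clean a compromised core file by restoring the pristine copy, and review a PUA before removing it from production. The baseline file content, PUA file names and payload markers are constructed assumptions, not Monarx signatures.

```python
"""Added example: map a file finding to Monarx's three classifications.
All baseline content, tool names and payload markers below are constructed."""
import hashlib
from dataclasses import dataclass
from typing import Optional

# Constructed known-good (pristine) content for core files, keyed by site path.
PRISTINE = {
    "index.php": b"<?php\nrequire __DIR__ . '/wp-blog-header.php';\n",
}
KNOWN_GOOD_SHA256 = {p: hashlib.sha256(c).hexdigest() for p, c in PRISTINE.items()}
# Legitimate admin tools that are a liability on a production site (PUA).
PUA_TOOLS = {"adminer.php", "elfinder.php"}
# Constructed byte patterns standing in for a scanner's malicious signatures.
MALICIOUS_MARKERS = (b"eval(base64_decode(", b"system($_GET[")


@dataclass
class Finding:
    classification: str  # "malicious" | "compromised" | "pua" | "clean"
    action: str          # "delete" | "clean" | "review" | "ignore"
    detail: str


def classify(path: str, content: bytes) -> Finding:
    """Decide the classification and the remediation it implies."""
    name = path.rsplit("/", 1)[-1]
    if path in KNOWN_GOOD_SHA256:
        if hashlib.sha256(content).hexdigest() == KNOWN_GOOD_SHA256[path]:
            return Finding("clean", "ignore", "matches known-good baseline")
        # A legitimate file that changed: the "hybrid" case. Clean it by
        # restoring the pristine copy; deleting it would break the site.
        return Finding("compromised", "clean", "baseline hash mismatch; restore original")
    if name in PUA_TOOLS:
        return Finding("pua", "review", f"{name} grants server access; remove from production")
    if any(marker in content for marker in MALICIOUS_MARKERS):
        # No legitimate role on the site, so deletion loses nothing.
        return Finding("malicious", "delete", "stand-alone file with malicious payload")
    return Finding("clean", "ignore", "no indicator matched")


def injected_snippet(path: str, content: bytes) -> Optional[bytes]:
    """For a compromised file, isolate what was added around the pristine
    content (the top/bottom injection pattern) so an analyst can review it."""
    original = PRISTINE.get(path)
    if original is None or original not in content:
        return None
    head, _, tail = content.partition(original)
    return head + tail
```

In practice the baseline hashes would come from the official WordPress, plugin and theme packages for the installed versions rather than from an inline dictionary.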
