via ithemes.com => original post link
New research from Snicco, WeWatchYourWebsite, Automattic-backed GridPane, and PatchStack reveals WordPress malware scanners that operate as plugins in a compromised environment are fundamentally flawed. Malware scanners are cleanup tools at best for already-compromised sites. They’re not a solid line of defense, and they’re being actively defeated by malware in the wild right now. Leave malware detection to a quality host. Focus your security policies on login authentication hardening, user management, proper delegation of privileges, and vigilant version management.
So 2000-and-Late: Malware Scanners Have Outlived Their Usefulness
Malware detection plugins for WordPress date back to around 2011, when SQL injection attacks were common and effective. Anyone working with WordPress back then will remember a widely-used image editing library called TimThumb. It was subjected to zero-day exploits with horrible results for millions of sites.