When you are running a Managed WordPress site on Nixzoehost, our servers are constantly "listening" for suspicious activity. If our security scanner, MalwareGuardian, detects a malicious file, it doesn't just send you a scary emailit takes immediate action to protect your reputation and your data.
Here is the exact sequence of events that happens behind the scenes:
1. Immediate Quarantine (The "Jail" Phase)
The moment a file is identified as malicious (e.g., a PHP shell, a script injector, or a trojan), the system quarantines it.
-
What this means: The file is moved to a secure, hidden folder outside of your public directory.
-
The Result: The malicious code is instantly "neutralized" because it can no longer be accessed by the internet. This stops the attack in its tracks before it can steal your data or infect your visitors.
2. Admin Notification & Reporting
You will see a notification in your Nixzoe Managed WordPress Dashboard (often appearing as a red "Mitigate Vulnerabilities" alert).
-
The system provides a report detailing which file was infected and what type of threat it contained.
-
It also logs whether the file was an original WordPress file that was modified (Compromised) or a brand-new file uploaded by a hacker (Malicious).
3. Vulnerability Patching
Simply removing the file isn't enough; we have to figure out how it got there. Our system checks if the file was uploaded via an outdated plugin or a vulnerable theme.
-
In your dashboard, the Vulnerability Protection toggle will often suggest "patching" the hole by force-updating the specific plugin that caused the leak.
4. Restoration Options
You have two main paths to get back to 100% health:
-
The "Clean" Command: You can attempt to have the system strip the malicious code out of the file.
-
The Restore (Recommended): Use the Back Up / Restore tool in your dashboard to roll the specific folder or the entire site back to the previous days snapshotbefore the infection occurred.
How to Prevent This from Happening Again
| Action | Why it works |
| Toggle "Hotlink Protection" | Prevents other sites from stealing your bandwidth and helps hide your directory structure. |
| Enable "Vulnerability Protection" | Automatically blocks known exploit attempts before they reach your files. |
| Enforce Strong Passwords | Most malware is uploaded via "Brute Force" (guessing your admin password). |