Yesterday, Incapsula made their Backdoor Protect feature open up to public beta. This feature adds an additional layer of protection for your site by performing on-execution request monitoring and combining it with HTTP signature detection methods to detect any inappropriate shell environments that may be opening and being used on your web host.
If a backdoor is detected by Incapsula Backdoor Protect it will notify the admin and send a preview link identifying the file so the admin can take immediate action. You can also set default actions to quarantine, alert or ignore but in rare cases would you ignore, since this is something if found you will want to take immediate action on.
For those who don’t know, backdoor is a method hackers can use to open a shell and have access to your website/account. Backdoors can be installed and are typically used to turn your host into a bot that can be used in denial of service attacks against others sites and companies without you even realizing it. Typically a .php or other script file is injected into your server and is very hard to notice in most cases unless you are intimately familiar with all the WordPress php files and theme/plugin php file names.
Once this file is installed, it is executed remotely and gives the hacker access to run virtually any command he wants from your website. The new Backdoor Protect feature from Incapsula is just another great reason you should be considering Incapsula to protect your website and remember it is free for blogs with under 50GB of data transfer per month.