Site health enhancement

[systasiscomputersystems]

Question about site health. I just found a repetition of a virus I'm calling "surfer dude" when I migrated a WordPress DB from one dev machine to another. The infection showed as a media library with about 150 empty images. Can site health be modified to detect the case of database entries with no corresponding image file in uploads?
​https://wordpress.slack.com/team/U33EQ851Q . I'm aslwo thinking of a high water mark for file creation activity. It's not clear these files were created using any WordPress API, so it's strictly a post-hoc analysis.

[Clorith]

Hi there, and welcome to the WordPress trac!

I understand that having an infected system is troublesome, but I'm not sure if this is a viable thing for WordPress core to handle. Some security plugins may be up for doing something along this line, but in a site with potential thousands of media items, this would become a performance drain to go over every attachment entry to validate corresponding file existences.

It may also provide a non-negligible set of false positive results, in cases where third party services are used to offload media (such as Digital Ocean Spaces, or Amazon S3, to name some), the DB entries would then exist, without any physical files in place.

[systasiscomputersystems]

Thanks for your reply.