The main function of a website backdoor is to keep it hidden from the owner. The main way to identify a legitimate file is its checksum a numerical signature of the file that can be compared to known good files. This way, we can safely ignore the good files, which eliminates a significant part of the work. We combine whitelisting and blacklisting techniques with our own manual analysis to find all the backdoors in a website. Sucuri has always been committed to research and progression.”]
Source: https://blog.sucuri.net/2018/07/ask-sucuri-how-do-you-find-website-backdoors.html