[dageshi]

Oh all that is certainly possible. As a rule most of these attackers don't really know what afick is or if they do they simply don't care, most wordpress attacks are for the purposes of malware/SEO spam, so it's really a numbers game, figuring out how to quietly subvert afick is a waste of time for them.

More to the point I don't use afick as a detection system but more as a cleanup tool. Typically in most wordpress hacks (I've probably dealt with about 8-10) you'll find that the attackers will target the theme because typically if you "replace all the files on the site" you can't replace the theme, it's unique, unless you've got a clean copy from a backup (assuming you know when the hack took place) then you can't easily replace it with known good code.

But the theme is also the part of the site that changes least, so even an afick database from the first day of the site is sufficiently useful in seeing what files (php, js) have been altered.

Typically, I end up installing afick after I get called in to clean up an existing hack. If it's been hacked once, it may well get hacked again, so I install afick to make the cleanup job easier the second time around.