Wordpress Exploit Scanner
This plugin searches the files and database of your website for signs of suspicious activity. It will not stop someone hacking into your site, but it may help you find any uploaded or compromised files left by the hacker.
When a website is compromised, hackers leave behind scripts and modified content that can be found by manually searching through all the files on a site. Some of the methods used to hide their code or spam links are obvious, like using CSS to hide text, and we can search for those strings.
The database can also be used to hide content or be used to run code. Spam links are sometimes added to blog posts and comments. They’re hidden by CSS so visitors don’t see them, but search engines do. Recently, hackers took advantage of the WP plugin system to run their own malicious code. They uploaded files with the extensions of image files and added them to the list of active plugins. So, despite the fact that the file didn’t have a .php file extension, the code in them was still able to run!
This plugin searches through your site and attempts to find those changed files and db records. It’s far from perfect, so if you have suggestions for improving it, I’d like to hear them!
You can find the Scanner admin page linked off the Dashboard. This is the screen you’ll see. You can search in numerous ways:
- Files and database.
- Files only.
- Database only
- Search files by custom keyword.
All fairly self explanatory I think. The custom keyword form allows you to search your files for whatever you like. Be careful with that one because a search for a common keyword like “php” will takes ages and generate an extremely long list of files.
Warning! Searching through the files on your site will take some time. Even a clean WordPress install with no plugins will probably take a noticeable length of time. It’s also heavy on your server. Only run the file check when your server is idling and not busy.
Download
0.5: exploit-scanner.0.5.zip
0.5 MD5: a64eb922fa9d21bd43398467e8eb67cc
0.3: exploit-scanner.0.3.zip
0.3 MD5: 4329e9f2bb3d40de46fb311ef54f82d2
Version 0.1: exploit-scanner.0.1.zip
Version 0.1 MD5: 6a88a18a37c4add7dabd72fc97be13b6
Check WordPress.org plugin page for other versions.
Install
- Download and unzip the plugin.
- Copy the exploit-scanner directory into your plugins folder.
- Visit your Plugins page and activate the plugin.
- A new menu item called “Exploit Scanner” will be made off the Dashboard.
Security
Security is an important issue of course. If this plugin was somehow writable by the webserver it could be modified. For that reason it displays an md5 checksum of itself. That checksum is listed above, and also in the README file in the plugin zip file. Compare the checksums if you’re paranoid. If you’re really paranoid, run the script through md5sum just in case!
It also uses file checksums to rule out some false positive results which is one reason why a specific version of WordPress is needed. Newer versions of WordPress may create more false positive results.
Related posts:
October 30th, 2009 - 16:32
thanks for the info
November 7th, 2009 - 09:16
address the comment spam on wordpress is very tiring, I myself have experienced it all, because I know very little about html, so I am very hard to overcome. plug-in may this will help me in resolving the problem. thanks for the information!
November 7th, 2009 - 20:54
One of my blogs was hacked several months ago and now I have added Exploit Scanner to all of my blogs. I couldn’t salvage my blog and basically had to start it over, but it did teach me an important lesson about Wordpress security.