If you are like me, you want to make sure that the software you run is as secure as possible. My partners and I even subscribe to several third-party services that actually scan our servers looking for exploits that could be taken advantage of by hackers or script kiddies. Since one of the most frequent CMS solutions we use is WordPress, this plugin caught my attention.
The WordPress Exploit Scanner is a plugin that searches the files and database of your website for signs of suspicious activity. While it won’t stop someone hacking into your site, it may help you find any uploaded or compromised files left by the hacker on previous attempts. It can also help you identify any weaknesses that you might have so you can harden your installation.
Here’s a little bit more on the Exploit Scanner plugin if you are interested:
When a website is compromised, hackers leave behind scripts and modified content that can be found by manually searching through all the files on a site. Some of the methods used to hide their code or spam links are obvious, like using CSS to hide text, and we can search for those strings.
The database can also be used to hide content or be used to run code. Spam links are sometimes added to blog posts and comments. They’re hidden by CSS so visitors don’t see them, but search engines do. Recently, hackers took advantage of the WP plugin system to run their own malicious code. They uploaded files with the extensions of image files and added them to the list of active plugins. So, despite the fact that the files didn’t have a .php file extension, the code in them was still able to run!
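As an added example (not code from the Exploit Scanner plugin), here is one way to check the active plugin list for entries like those described above. It assumes you have exported the `active_plugins` value from the options table, which WordPress stores as a PHP-serialized array; the sample value and the function names are constructed for illustration.

```python
import re

# Constructed sample of the `active_plugins` value from the options table
# (wp_options with the default prefix): a PHP-serialized array of plugin paths.
SAMPLE = (b'a:3:{i:0;s:19:"akismet/akismet.php";'
          b'i:1;s:9:"hello.php";'
          b'i:2;s:11:"header.jpeg";}')

IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif", ".bmp", ".ico")
ELEMENT = re.compile(rb'i:\d+;s:(\d+):"')  # integer key, then string header


def parse_active_plugins(raw: bytes) -> list:
    """Decode a PHP-serialized array of strings, validating each byte length."""
    head = re.match(rb'a:(\d+):\{', raw)
    if not head:
        raise ValueError("not a serialized PHP array")
    count, pos = int(head.group(1)), head.end()
    entries = []
    for _ in range(count):
        elem = ELEMENT.match(raw, pos)
        if not elem:
            raise ValueError(f"unexpected element at byte {pos}")
        start = elem.end()
        end = start + int(elem.group(1))  # s:N counts bytes, not characters
        if raw[end:end + 2] != b'";':
            raise ValueError(f"declared length does not match data at byte {start}")
        entries.append(raw[start:end].decode("utf-8", "replace"))
        pos = end + 2
    if raw[pos:pos + 1] != b'}':
        raise ValueError("array is not terminated where its count says it should be")
    return entries


def suspicious_plugins(raw: bytes) -> list:
    """Return (path, reason) for every active entry that is not a .php file."""
    findings = []
    for path in parse_active_plugins(raw):
        lower = path.lower()
        if lower.endswith(".php"):
            continue
        reason = "image extension" if lower.endswith(IMAGE_EXTS) else "not a .php file"
        findings.append((path, reason))
    return findings


if __name__ == "__main__":
    for path, reason in suspicious_plugins(SAMPLE):
        print(f"SUSPICIOUS active plugin: {path} ({reason})")
```

A parse error is itself worth investigating, since it means the stored value was edited by something other than WordPress or was truncated during export.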
You can download this plugin here: http://ocaoimh.ie/exploit-scanner/