Woried About Malicious Files In Your WordPress Database? Then Check This Out
By: Karan Goel | 4th November 2009
After successfully migrating my blog to Gizmoko.com and adding more security to it, I have found a WordPress Exploit Scanner that should do the heavy lifting for you. Let’s check it out.
Go ahead and download the plug-in files and either upload them via FTP or use the automatic plug-in uploader via your WordPress wp-admin console. You can see my experience below. I logged in to WP-admin, I hit the plug-ins menu option on the left hand side. Then I clicked Add. I choose the upload option and pushed the browse button. After navigating to my plugins directory where I downloaded the WordPress exploit scanner plugin to, I was able to hit the Install now button.
While it is installing you can see it’s progress on your screen like so.
Hit the ‘Activate plugin’ button and you are ready to go. You can verify that the plugin is actually active by scrolling through the active plugin list. It should look like this:
Once it is successfully active, you will have a new menu item listed directly under your Dashboard menu item. Click on it to get down to business.
Once you click on the link for the WordPress exploit scanner, it will start querying your database for all of your files. What it checks is as follows:
- Modified Core WordPress File – this is when a hacker modifies system files to have WordPress do their bidding like injecting code into posts or even serving up malware. You need to be very cautious about this. Thankfully, this came up as Hooray! None of your core wordpress files have been modified! I am thankful for things like this as I will not have to reinstall WordPress!
- Suspicious strings. It searches for iFrames – unfortunately I use iFrames on my site for various reasons so I had to scrutinize the entries below. Hackers use iFrames to inject content or ads into your site.
I read through the 1500 entries or so with iFrames and thankfully they were all pointing right back at my site. The attack that I corrected before actually injected these iFrames into my site to show my users Viagra ads! Freaking hackers! It actually got me unlised briefly from Google Searches. But after going over my results with a fine-tooth comb, I am at ease.
Did your search result in any unexpected modified files or some nasty code injected? We would love to hear about it and I would love to lend my expertise in helping out hacked WordPress owners.
Hit us up in the comments, bloggers – We are here for ya! The plugin author’s website can be found at here.
The Dos and Donts of Stock Photography
Hands on with Google Drive (Review)
Top Android Based Photo Editing and Sharing Apps
10 of the Most Mind Boggling and Bizarre CAPTCHA's Around the Web
Facebook In 100 Years
Fun Free Travel Apps
The Next Revolution In Wireless Networks
Huawei Honor - Killer Specs at Unbeatable Prices
VPS - Best Storage Solution For 2012
Blood is Cheaper Than Printer Ink
November 9th, 2009 at 3:26 pm
Does it cost much to make a blog?
November 10th, 2009 at 10:57 am
No. If you are on a tight budget, yu can create a free blog at Blogger.com
November 27th, 2009 at 10:30 pm
Great job! Can’t wait to start my own blog. :)
December 1st, 2009 at 4:52 am
nice answers i like it