The WordPress Exploit Scanner was a very useful WordPress plugin that would check your site for interference by hackers. It does this by checking the hashes of all the modules against what they were when the code was published and also looks (as best as it can) at your posts and comments database looking for common inserted exploit code.
Unfortunately this seems to have stopped being updated for the last two versions of WordPress (4.1 and 4.1.1).
All is not lost though as all that is missing are the current hash files and Philip John has stepped forward and is hosting replacements – just that it is not as slick as before and these files need to be manually uploaded. The procedure is as follows …
- Go to https://github.com/philipjohn/exploit-scanner-hashes
- Find the relevant hash file based on the version of WordPress installed. Currently this is hashes-4.1.1.php – left click on this link.
- This generates the required hashes file in a window. The easiest way to download it is to click on the “Raw” button
- Select the whole page (CMD-A or CTRL-A)
- Copy the whole page (CMD-C or CTRL-C)
- Open a text editor (e.g. textedit or notepad)
- Paste the page into there (CMD-V or CTRL-V)
- Now save the file and call it (in this case) hashes-4.1.1.php – note: it must not have .txt added on the end!
- Upload this file using FTP to the web site into directory wp-content/plugins/exploit-scanner
- Login to WordPress as admin
- Go to Tools ==> Exploit Scanner
- Click “Run the Scan”
When I did this on a very clean site (no other plugins, very little content) the number of warnings was down to two, both of them in the exploit scanner itself. In practice you will get more than this as it doesn’t know about other plugins and accidental false positives but with care and experience it is very readable.