WordPress Exploit Scanner

Recently I’ve been working on restoring a WordPress blog back to health after it was compromised. After performing an upgrade to both WordPress itself and all contributed modules, I used the excellent WordPress Exploit Scanner to identify errors and inserted code within files, and it was able to identify that a malicious PHP script was inserted into the first line of almost every plugin file:
<?php
eval(base64_decode("dfslgdgdfgdg..................."));
?>
In order to restore the blog back to full working order it was necessary to remove this line from each file, and with there being over 20 plugins this was going to be a lengthy process. Fortunately, deleting the plugin and uploading a newly downloaded version saved trawling through each file to remove the malicious code.
This was the first time that I’d used the WordPress Exploit Scanner, but I will definitely keep it in mind for the future, both when there is a specific problem and also to check the health of any WordPress site.
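As an added example (not code from the original post or from the WordPress Exploit Scanner plugin), the following Python sketch checks the first lines of every PHP file under a plugins directory for the `eval(base64_decode(` pattern shown above and groups hits by plugin, giving the list of plugins to delete and re-upload. The function names, the three-line window and the sample tree are assumptions made for illustration.

```python
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# Pattern from the post: eval(base64_decode(...)) at the top of a PHP file.
# Tolerating extra whitespace and mixed case is an assumption beyond what the post shows.
INJECTED = re.compile(rb"\beval\s*\(\s*base64_decode\s*\(", re.IGNORECASE)
HEAD_BYTES = 4096  # the injection sat at the start of the file, so read only the head

def is_injected(php_file: Path) -> bool:
    """True if one of the first three lines contains the eval/base64 pattern."""
    with php_file.open("rb") as fh:
        first_lines = fh.read(HEAD_BYTES).split(b"\n")[:3]
    return any(INJECTED.search(line) for line in first_lines)

def scan_plugins(plugins_dir: Path) -> dict[str, list[str]]:
    """Map each affected plugin (top-level entry) to its flagged files."""
    hits = defaultdict(list)
    for php in sorted(plugins_dir.rglob("*.php")):
        if php.is_file() and is_injected(php):
            rel = php.relative_to(plugins_dir)
            hits[rel.parts[0]].append(rel.as_posix())
    return dict(hits)

def demo() -> dict[str, list[str]]:
    """Scan a constructed plugin tree written to a temporary directory."""
    clean = "<?php\n/* Plugin Name: Sample */\nfunction sample_init() {}\n"
    # Constructed sample: the base64 string decodes to the word "constructed".
    one_line = '<?php eval(base64_decode("Y29uc3RydWN0ZWQ=")); ?>\n' + clean
    multi_line = '<?php\neval(base64_decode("Y29uc3RydWN0ZWQ="));\n?>\n' + clean
    tree = {
        "gallery/gallery.php": one_line,
        "gallery/inc/admin.php": one_line,
        "forms/forms.php": clean,
        "hello.php": multi_line,
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, body in tree.items():
            path = root / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
        return scan_plugins(root)

if __name__ == "__main__":
    for plugin, files in demo().items():
        print(f"reinstall {plugin}: {len(files)} flagged file(s)")
```

Run against a real site, `scan_plugins(Path("wp-content/plugins"))` would be the call, with that path being the standard WordPress layout rather than something the post states.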