Exploit Scanner
This plugin searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames. It does not remove anything. That is left to the user to do. Latest MD5 hash values for Exploit Scanner: 17e2ccfc834d691bc68cc5c64f9bed89 exploit-scanner.php (1.5.2) 1d5f9d6220fe159cd44cb70a998a1cd7 hashes-4.6.php fbdf61c17f65094c8e331e1e364acf68 hashes-4.6.1.php 477d128d84802e3470cec408424a8de3 hashes-4.7.php d53210f999847fbd6f5a2ecac0ad42f2 hashes-4.7.5.php Latest SHA1 hash values for Exploit Scanner: 1decc1e47a53d1cab9e8f1ef15b31682198367ee exploit-scanner.php (1.5.2) 5cec64380a2acdc876fd22fbbbbf8c335df1ed3f hashes-4.6.php 99d9e7be23a350f3d1962d0f41e7b4e28c00841e hashes-4.6.1.php 1eeab377a1afc6d776827a063678d2461b29e71d hashes-4.7.php 8c890a6af26bb74e9d17e5d2b21d6be27764da45 hashes-4.7.5.php See the Exploit Scanner homepage for further information. Interpreting the Results It is likely that this scanner will find false positives (i.e. files which do not contain malicious code). However, it is best to err on the side of caution; if you are unsure then ask in the Support Forums, download a fresh copy of a plugin, search the Internet for similar situations, et cetera. You should be most concerned if the scanner is: making matches around unknown external links; finding base64 encoded text in modified core files or the wp-config.php file; listing extra admin accounts; or finding content in posts which you did not put there. Understanding the three different result levels: Severe: results that are often strong indicators of a hack (though they are not definitive proof) Warning: these results are more commonly found in innocent circumstances than Severe matches, but they should still be treated with caution Note: lowest priority, showing results that are very commonly used in legitimate code or notifications about events such as skipped files Help! I think I have been hacked! Follow the guides from the Codex: Codex: FAQ – My site was hacked Codex: Hardening WordPress Ensure that you change all of your WordPress related passwords (site, FTP, MySQL, etc.). A regular backup routine (either manual or plugin powered) is extremely useful; if you ever find that your site has been hacked you can easily restore your site from a clean backup and fresh set of files and, of course, use a new set of passwords. Updates Updates to the plugin will be posted here, to Holy Shmoly! and the WordPress Exploit Scanner page will always link to the newest version. Other Languages Unfortunately for people using WordPress versions for other locales some of the file hashes may be incorrect as some strings have to be hardcoded in their translated form. Here are some file hashes for WordPress in other languagues provided separately by other members of the community: Japanese – thanks to Naoko German – thanks to Robert Wetzlmayr The hash files should only be declaring an array called $filehashes and the majority of the hashes should still be the same.
Top keywords
- php11×2.37%
- hashes-48×1.72%
- files6×1.29%
- scanner6×1.29%
- wordpress5×1.08%
- exploit4×0.86%
- exploit scanner4×0.86%
- results4×0.86%
- site4×0.86%
- codex3×0.65%
- file3×0.65%
- hacked3×0.65%
NinjaScanner – Virus & Malware scan
A lightweight, fast and powerful virus scanner for WordPress. NinjaScanner is a lightweight, fast and powerful virus scanner for WordPress which includes many features to help you scan your blog for malware and virus. Features File integrity checker. File comparison viewer. Exclusion filters. File snapshot. Database snapshot. Anti-malware/Antivirus. Sandbox for quarantined files. Ignored files list. Google’s Safe Browsing Lookup API. Background scans. Scheduled scans (Premium). WP-CLI integration (Premium). Debugging log. Email report. Integration with NinjaFirewall (WP and WP+ Edition). Multi-site support. Contextual help. And many more… File Integrity Checker The File Integrity Checker will compare your WordPress core files as well as your plugin and theme files to their original package. Its File Comparison Viewer will show you the differences between any modified file and the original. You can also add your Premium themes and plugins to the File Integrity Checker. Infected or corrupted files can be easily restored with one click. File Snapshot The File Snapshot will show you which files were changed, added or deleted since the previous scan. Database Snapshot NinjaScanner will compare all published posts and pages in the database with the previous scan and will report if any of them were changed, added or deleted. Anti-Malware Signatures You can scan your blog for potential malware and virus using the built-in signatures. The scanning engine is compatible with Linux Malware Detect LMD (whose anti-malware signatures are included) and with some ClamAV signatures as well. You can even write your own anti-malware signatures. NinjaFirewall Integration If you are running our NinjaFirewall (WP or WP+ Edition) web application firewall plugin, you can use this option to integrate NinjaScanner into its menu. Fast and Lightweight Scanner NinjaScanner has strictly no impact on your database. It only uses it to store its configuration (less than 1Kb). It saves the scan data, report, logs etc on disk only, makes use of caching to save bandwidth and server resources. It also includes a Garbage Collector that will clean up its cache on a regular basis. Background Scans Another great NinjaScanner feature is that it runs in the background: start a scan, let it run and keep working on your blog as usual. You can even log out of the WordPress dashboard while a scanning process is running! You don’t have to wait patiently until the scan has finished. Additionally, a scan report can be sent to one or more email addresses. Sandbox for quarantined files When moving a file to the quarantine folder, NinjaScanner can use a testing environment (a.k.a. sandbox) to make sure that this action does not crash your blog with a fatal error. If it does, it will warn you and will not quarantine the file. It is possible (but not recommended) to disable the sandbox. Advanced Settings NinjaScanner offers many advanced settings to finely tune it, such as exclusion filters, selection of the algorithm to use, a debugging log etc. Privacy Policy Your website can run NinjaScanner and be 100% compliant with the General Data Protection Regulation (GDPR): We, the authors, do not collect, share or sell personal information. We don’t track or profile you. Our software does not collect any private data from you or your visitors. Premium Features Check out our NinjaScanner Premium Edition Scheduled Scans: Don’t leave your blog at risk. With the scheduled scan option, NinjaScanner will run automatically hourly, twice daily or daily. WP-CLI Integration: Do you own several blogs and prefer to manage them from the command line? NinjaScanner can nicely integrate with WP-CLI, using the ninjascanner command. You can use it to start or stop a scanning process, view its status, its report or log from your favourite terminal, without having to log in to the WordPress Admin Dashboard. Dedicated Help Desk with Priority Support