You are not logged in or registered. Please login or register to use the full functionality of this board...
Linuxcat.org
Checking for hacked files in Wordpress Site - Printable Version

+- Linuxcat.org (https://www.linuxcat.org)
+-- Forum: Linux Guides and Troubleshooting (/forumdisplay.php?fid=1)
+--- Forum: Linux Troubleshooting (/forumdisplay.php?fid=3)
+--- Thread: Checking for hacked files in Wordpress Site (/showthread.php?tid=71)



Checking for hacked files in Wordpress Site - knifebunny - 05-02-2014 03:04 PM

Wordpress hackers typically upload scripts that execute 'eval'

in the public_html or docroot directory for the website you can use

find . -type f | xargs grep eval


note that you should carefully scan the output as there are many files in wordpress that use eval, including plugins, however this should help narrow down the results

You can also consider adding the "wordfence" plugin into Wordpress

There is a new setting:

Improvement: Added "high sensitivity" scanning which catches evals with other bad functions but may give false positives. Not enabled by default.


Consider switching this on also