Search the files and database of your WordPress install for signs that may indicate that it has fallen victim to malicious hackers.
Author: Automattic (profile at wordpress.org)
WordPress version required: 3.3
WordPress version tested: 4.7.5
Plugin version: 1.5.2
Added to WordPress repository: 26-06-2008
Last updated: 05-06-2017
Warning! This plugin has not been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.
Rating, %: 64
Rated by: 40
Plugin URI: https://wordpress.org/plugins/exploit-scanner...
Total downloads: 1 061 570
Active installs: 10 000+
FAQ
Installation Instructions
- Download and unzip the plugin.
- Copy the exploit-scanner directory into your plugins folder.
- Visit your Plugins page and activate the plugin.
- A new menu item called “Exploit Scanner” will be available under the Tools menu.
How do I fix the out of memory error?
Scanning your website can take quite a bit of memory. The plugin tries to allocate 128MB, but sometimes that’s not enough. You can change the amount of memory PHP has access to from within the plugin admin page. You can also limit the maximum size of scanned files: reducing this number skips more files, but be aware that the scan may then miss hacked files. Any skipped files are listed after scanning. Because of the way the scanner works, deep directory trees also use memory. It will help if you clean out any cache directories (wp-content/cache/ for example) before scanning.
ChangeLog
1.5.2
- Added hashes for WordPress 4.7.5
1.5.1
- WordPress 4.6 hashes
- WordPress 4.6.1 hashes
- WordPress 4.7 hashes
1.5
- WordPress 4.5.3 hashes
- Move to follow WP versioning system
1.4.12
1.4.11
- WordPress 4.5 hashes
- WordPress 4.5.1 hashes
1.4.10
1.4.9
1.4.8
- WordPress 4.3.1 security release hashes
- Other missing hashes
1.4.7
1.4.6
- WordPress 4.2.3 hashes
- WordPress 4.2.4 hashes
1.4.5
1.4.4
- WordPress 3.7.3 hashes
- WordPress 3.7.4 hashes
- WordPress 3.7.5 hashes
- WordPress 3.7.6 hashes
- WordPress 3.7.7 hashes
- WordPress 3.8.4 hashes
- WordPress 3.8.5 hashes
- WordPress 3.8.6 hashes
- WordPress 3.8.7 hashes
- WordPress 3.9.4 hashes
- WordPress 3.9.5 hashes
- WordPress 4.0.2 hashes
- WordPress 4.0.3 hashes
- WordPress 4.0.4 hashes
- WordPress 4.1.4 hashes
- WordPress 4.2.1 hashes
1.4.3
1.4.2
1.4.1
- WordPress 3.9.3, 4.1, 4.1.1 and 4.1.2 hashes
1.4
- Remove an example link to a hacked site
- Fixed the eval() check incorrectly matching function names that end in “eval”
- Fixed some PHP warnings
- WordPress 3.5.2 hashes
- WordPress 3.6 and 3.6.1 hashes
- WordPress 3.7, 3.7.1 and 3.7.2 hashes
- WordPress 3.8, 3.8.1, 3.8.2 and 3.7.3 hashes
- WordPress 3.9, 3.9.1 and 3.9.2 hashes
- WordPress 4.0 and 4.0.1 hashes
1.3.3
- WordPress 3.5 and 3.5.1 hashes
1.3.2
1.3.1
1.3
- Detect unknown files in the wp-admin and wp-includes directories
- WordPress 3.4 hashes
1.2.1
1.2
- WordPress 3.3.1 hashes
- Use help tabs introduced in WordPress 3.3
- Help prevent one cause of hanging scans (MySQL error 1153)
1.1
- Scan for and fix old, vulnerable TimThumb scripts
- Detect old export files even if they’re larger than the size limit
- WordPress 3.3 hashes
1.0.5
- WordPress 3.2 and 3.2.1 hashes
1.0.4
- WordPress 3.1.4 hashes
- Suspicious pattern updates and tweaks
1.0.3
- Detection of export files left by incomplete imports.
- WordPress 3.1.3 hashes
1.0.2
- WordPress 3.0.6 and 3.1.2 hashes
1.0.1
1.0
- Core file diffs
- WordPress 3.1 hashes
- Updated suspicious patterns
0.97.6
0.97.5
- WordPress 3.0.4 hashes
- Dropped wp-content from hashes
0.97.4
- WordPress 3.0.3 compatibility
0.97.3
0.97.2
0.97.1
0.97
- AJAX paging
- Simplified results system (now only 3 levels)
- Contextual help
- Moved to Tools menu section
- A number of backend changes
0.96
- Compatibility for WordPress 3.0
0.95
- Added “exploits” scan level for obvious hacker exploit code.
- Stored results for later review.
- Rearranged layout of results.
- Paged scanning so plugin scans 50 files at a time to avoid timeout errors.
- Only show “General Info” to non-MU sites (it’s too expensive for large MU sites)