iBlognet

How To Detect Malware in WordPress Using Exploit Scanner

by Editor

WordPress is definitely the best CMS available, but it still has some security loopholes that a hacker can easily exploit. That is why WordPress provides regular security updates and patches to prevent hackers from exploiting it. Your exposure also depends on which themes and plugins you use.

Exploit Scanner is a free WordPress plugin by Donncha O Caoimh. The plugin scans all your WordPress files and the database for malicious code and scripts that could compromise your WordPress blog. If your WordPress blog is compromised, it's possible that a hacker could target your blog by uploading malicious files. The plugin will not stop someone from hacking your blog, but it can help you find and detect malware or malicious files. If you find something suspicious, you can remove it manually or hire someone to remove it.

Installing Exploit Scanner

 


The plugin is very simple to use. Just head over to the plugin repository and search for Exploit Scanner to download the plugin. Once it is installed, activate the plugin and head over to the plugin page at Tools > Exploit Scanner.


How to Setup Exploit Scanner

You will find three options to set before you run the scan.

 

The first option makes the scan look for CSS styles such as display:none; or visibility:hidden;, which can be used to hide spam links. The second option lets you define the upper file size limit for scanned files. I would recommend around 1MB to 1.5MB, so all your files are scanned. The third option lets you select the number of files to scan per batch. Don't raise it, or the scan will consume more memory; keep it at 250 or less.

Interpreting Results

Once you run the scan, it will scan your entire root directory, including the database, WP core files, plugins, themes and even the media upload directory. No matter how many files your blog hosts, it will scan each one.

 

Once the scan is finished you will see three levels of warning: Level Severe [High Priority], Level Warning [Mid Priority] and Level Note [Low Priority]. It's very likely that the plugin will show you a false warning, even at the severe level.

The plugin looks for malware, gzip, base64, iframe, hidden code, and eval statements. Unfortunately, this kind of code is used both by malware and by WordPress themes and plugins.

For example, if you see a severe level warning, you can see a Fix now link.

See another example:

It's a base64 code that was found at level severe, but it is not harmful. But if you find something like a bunch of random characters, as shown below, then you should take note of it.

As you can see above, the malware code is encoded in base64 and can be executed by an eval statement. The code might redirect to spam links, or it can be some malware that search engines can block. If you see this type of code, you can decode it to plain text using a base64 decoder. You may also come across CSS styles used to hide a link or text, and iframe code that hackers can use to load remote code or links from other places. This type of code is easy to find. See the example below:
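As an added example (not part of the original article and not Exploit Scanner's own code), the following Python sketch shows how to triage the patterns described above: it decodes base64 literals to readable text without executing them, separates plain base64 from base64 wrapped in eval, and flags hidden CSS and iframes. The function names, finding labels and sample file are assumptions made for illustration.

```python
import base64
import binascii
import re

# base64_decode('...') literal; group "eval" is set when eval( wraps it directly.
B64_CALL = re.compile(
    r"(?P<eval>eval\s*\(\s*)?base64_decode\s*\(\s*(['\"])(?P<blob>[A-Za-z0-9+/=\s]+)\2",
    re.IGNORECASE)
HIDDEN_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.IGNORECASE)
IFRAME = re.compile(r"<iframe\b", re.IGNORECASE)

def decode_blob(blob):
    """Decode a base64 literal to text for reading; the result is never executed."""
    try:
        raw = base64.b64decode("".join(blob.split()), validate=True)
    except (binascii.Error, ValueError):
        return None  # not valid base64, leave it for manual review
    return raw.decode("utf-8", errors="replace")

def triage(source):
    """Return a list of (line number, kind, detail) findings for PHP/HTML text."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in B64_CALL.finditer(line):
            decoded = decode_blob(m.group("blob"))
            kind = "eval+base64" if m.group("eval") else "base64"
            findings.append((lineno, kind, decoded))
            # Hidden markup may only be visible after decoding, so check there too.
            if decoded and IFRAME.search(decoded):
                findings.append((lineno, "iframe-in-decoded", decoded))
        if HIDDEN_CSS.search(line):
            findings.append((lineno, "hidden-css", line.strip()))
        if IFRAME.search(line):
            findings.append((lineno, "iframe", line.strip()))
    return findings

# Constructed sample file; the encoded strings are built here, not taken from real malware.
HIDDEN = "echo '<iframe src=\"http://example.invalid/\" style=\"display:none\"></iframe>';"
SAMPLE = "\n".join([
    "<?php",
    "$label = base64_decode('%s');" % base64.b64encode(b"Hello, world").decode(),
    "eval(base64_decode('%s'));" % base64.b64encode(HIDDEN.encode()).decode(),
    '<a href="http://example.invalid/" style="display:none">link</a>',
])

if __name__ == "__main__":
    for lineno, kind, detail in triage(SAMPLE):
        print(lineno, kind, detail)
```

Reading the decoded text is what separates the harmless base64 finding from the one that needs attention: the first decodes to an ordinary string, the second to markup that loads a hidden iframe.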


Removing such malware is easy if you know exactly where it's located. However, if the plugin is unable to detect it and your blog is still showing a malware notification on the front page, you should replace all your themes and do a clean reinstall of the WordPress core files, or you can simply hire an expert to remove the malware. Security is of course an important issue with WordPress, so it's important that you take preventive measures before your blog gets attacked by such malware.


1 Irfan

This is the worst thing that has happened to me in the past in my blogging career. Thank you for marking out the points.

2 Free Soft Daily

Plugin not working on my site. Help me.

3 Sahil Umatia

What error do you get?

PS: Use your real name instead of anchor text. Your comment is automatically marked as spam!

4 Do Tuan

Thanks for your reply. When the plugin was running there was an Internet connection problem, so I thought it was a plugin problem. Thank you very much.
Do Tuan

5 cristina

Thank you for this kind of blog; it really helps me to prevent this kind of error:

Removing such malware are easy if you know where exactly it's located.

However in some case if it's unable to detect and your blog is still showing malware notification on the front page, you should replace all your themes and do a clean reinstall of WordPress core files or you can simply hire some expert to remove such malware. Security is of course an important issue with WordPress and so it's important that you take preventive measures before it gets attacked by such malware.

Thanks for this kind of information.
