How to find hacked WordPress files

Most WordPress hacks contain certain PHP code. It's always better to catch the hack as soon as you can: before customers start to ring, and before the hack spreads and causes worse problems.

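The following is a bash script that you can use to find potentially hacked WordPress accounts. It looks for recently modified PHP files that call eval( outside a # comment and also use str_replace(, gzinflate( or base64_decode(.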

# Alert on recently changed PHP files that call eval( outside a # comment and use a typical obfuscation helper
if find /home/ -mtime -1 -type f -name '*.php*' -print0 \
    | xargs -0 -r grep -P -l -Z '^(?=[\s]*+[^#])[^#|^\*]*(eval *\()' \
    | xargs -0 -r grep -l -E "str_replace *\(|gzinflate *\(|base64_decode *\(" \
    | grep -v -f /etc/scripts/findPhpHackedFiles.exclude; then
    echo found hacked files
    # send an email alert or similar
fi

The -1 passed to -mtime above is the number of days to check. If you run the script from /etc/cron.daily/, then -1 is appropriate.

You need an exclude file, because some common plugins behave like hacked code. Here are some of the entries you'll need:

virtfs
quarantine
plugins/worker/functions.php
beaver
thrive
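
The same pipeline wrapped in a function and run against constructed sample files, as an added example that is not code from the original post. The names scan_php and selftest are chosen here; it goes slightly beyond the one-liner by NUL-separating file names, matching exclude entries as fixed strings (-F), and failing loudly when the exclude file is missing.

```shell
#!/bin/bash
# Added example: scan_php and selftest are names chosen for this sketch.

# scan_php ROOT EXCLUDE_FILE [DAYS]: print suspect PHP files, one per line.
# Exit status: 0 when something was flagged, 1 when nothing was,
# 2 when the exclude file is unreadable.
scan_php() {
    local root="$1" exclude="$2" days="${3:-1}"
    # Without this check a missing exclude file makes the final grep fail,
    # and an "if" around the pipeline would silently never alert.
    [ -r "$exclude" ] || { echo "cannot read exclude file: $exclude" >&2; return 2; }
    # -print0/-0/-Z keep file names with spaces intact; -r skips empty input.
    # -F matches exclude entries as literal substrings, not as regexes.
    find "$root" -mtime "-$days" -type f -name '*.php*' -print0 \
        | xargs -0 -r grep -P -l -Z '^(?=[\s]*+[^#])[^#|^\*]*(eval *\()' \
        | xargs -0 -r grep -l -E 'str_replace *\(|gzinflate *\(|base64_decode *\(' \
        | grep -v -F -f "$exclude"
}

# selftest: build constructed sample files, scan them, and print the flagged
# paths relative to the temporary directory.
selftest() {
    local d
    d=$(mktemp -d) || return 1
    mkdir -p "$d/site/wp-content/plugins/worker" "$d/site/wp includes"
    # Constructed samples; the eval argument is an empty, inert variable.
    printf '<?php\n$x = "";\neval(base64_decode($x));\n' \
        > "$d/site/wp includes/cache.php"          # should be flagged
    printf '<?php\n# eval(base64_decode($x));\necho "ok";\n' \
        > "$d/site/commented.php"                  # eval only in a comment
    printf '<?php\necho str_replace("a", "b", "abc");\n' \
        > "$d/site/clean.php"                      # helper but no eval
    printf '<?php\n$x = "";\neval(gzinflate($x));\n' \
        > "$d/site/wp-content/plugins/worker/functions.php"  # excluded below
    printf 'plugins/worker/functions.php\n' > "$d/exclude"
    scan_php "$d/site" "$d/exclude" | sed "s|^$d/||"
    rm -rf "$d"
}

selftest   # prints: site/wp includes/cache.php
```

The test files are created moments before the scan, so they fall inside the default one-day window.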

January 13th, 2018