Full Version: Checking for hacked files in Wordpress Site
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Wordpress hackers typically upload scripts that execute 'eval'

in the public_html or docroot directory for the website you can use

find . -type f | xargs grep eval

note that you should carefully scan the output as there are many files in wordpress that use eval, including plugins, however this should help narrow down the results

You can also consider adding the "wordfence" plugin into Wordpress

There is a new setting:

Improvement: Added "high sensitivity" scanning which catches evals with other bad functions but may give false positives. Not enabled by default.

Consider switching this on also
Reference URL's