Checking for hacked files in Wordpress Site

[knifebunny]

Wordpress hackers typically upload scripts that execute 'eval'

in the public_html or docroot directory for the website you can use

find . -type f | xargs grep eval


note that you should carefully scan the output as there are many files in wordpress that use eval, including plugins, however this should help narrow down the results

You can also consider adding the "wordfence" plugin into Wordpress

There is a new setting:

Improvement: Added "high sensitivity" scanning which catches evals with other bad functions but may give false positives. Not enabled by default.


Consider switching this on also