This repository was archived by the owner on Jul 6, 2024. It is now read-only.

Docs: Diagnostics & Threat Scan

Bryan Hadaway edited this page May 20, 2024 · 1 revision

Option Testing

Create a test submission. This is a great way of validating in real time that your configurations are working the way that you intended. Your submission can be against the general list of option settings or specifically against the country array.

Information Display

Display All Options

Load all option configurations onto the page, which can be useful for debugging.

Display All Stats

You can load all stats onto the page, which can be useful for debugging.

Show / Delete Debug File

Two separate functions to either show or delete the debug file.

Show PHP Info

See what PHP version your website is running.

Threat Scan

Scan Details

The process searches PHP files for occurrences of the eval() function, which, although a valuable part of PHP, is also the door that hackers use to infect systems. Many programmers avoid eval() unless there is a real need for it. Hackers often use it to hide their malicious code or to inject future threats into infected systems. If you find a theme or a plugin that uses the eval() function, it is safer to delete it and ask the author to provide a new version that does not use this function. The scan can take a few seconds and, on larger or slower systems, can time out.

Scan Results

When you scan your system, you will often see eval used in JavaScript, because it is used in JavaScript AJAX and JSON functionality. The appearance of eval in these cases does not mean that there is a possible threat. It just means that you should inspect the code to make sure that it is in a JavaScript section and not native PHP. The process continues its scan by checking the database tables for JavaScript or HTML where it should not be found.
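The distinction above between eval in native PHP and eval inside JavaScript can be made mechanically with PHP's built-in tokenizer instead of a plain text search. This is an added example, not the plugin's own scan code; the function name find_eval_occurrences and the sample file are constructed for illustration.

```php
<?php
// Added example (not the plugin's scanner): classify every "eval(" in a file.

/**
 * Returns findings as ['line' => int, 'kind' => string], where kind is
 *   'php-eval'    a real PHP eval construct, which runs code on the server
 *   'php-string'  the text "eval(" inside a PHP string literal
 *   'inline-html' the text "eval(" outside the PHP tags, e.g. in a script block
 * Matches inside PHP comments are ignored; one finding per text token.
 */
function find_eval_occurrences(string $source): array
{
    $textKinds = [
        T_CONSTANT_ENCAPSED_STRING => 'php-string',
        T_ENCAPSED_AND_WHITESPACE  => 'php-string',
        T_INLINE_HTML              => 'inline-html',
    ];
    $findings = [];
    foreach (token_get_all($source) as $token) {
        if (!is_array($token)) {
            continue; // one-character tokens such as ';' have no id or line
        }
        [$id, $text, $line] = $token;
        if ($id === T_EVAL) {
            $findings[] = ['line' => $line, 'kind' => 'php-eval'];
        } elseif (isset($textKinds[$id])
            && preg_match('/\beval\s*\(/i', $text, $m, PREG_OFFSET_CAPTURE)) {
            // A token can span lines: add the newlines before the match.
            $offset = substr_count(substr($text, 0, $m[0][1]), "\n");
            $findings[] = ['line' => $line + $offset, 'kind' => $textKinds[$id]];
        }
    }
    return $findings;
}

// Constructed sample file: one PHP eval, one eval in an echoed string,
// one eval in a script block outside the PHP tags.
$sample = <<<'SAMPLE'
<?php
// eval( in a comment is ignored
eval($data->code);
echo '<script>var o = eval("(" + resp + ")");</script>';
?>
<script>
var cfg = eval("(" + text + ")");
</script>
SAMPLE;

foreach (find_eval_occurrences($sample) as $f) {
    printf("line %d: %s\n", $f['line'], $f['kind']);
}
```

Only the 'php-eval' findings are code that PHP itself will execute; the other two kinds are the JavaScript cases that still deserve a look but are not a PHP eval.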

Normally, JavaScript can be found in the post body, but if the script tag is found in a title or a text field where it does not belong, it is probably because the script is hiding something, such as a hidden admin user, so that the normal administration pages do not show bad records. The scan looks for this and displays the table and record number where it believes there is something hinky.

The scan continues looking in the database for certain HTML in places where it does not belong. Recent threats have been putting HTML into fields in the options table so that users will be sent to malicious sites. The presence of HTML in options values is suspect and should be checked.

The options table will have things placed there by plugins, so it is difficult to tell if scripts, iframes, and other HTML tags are a threat. They will be reported, but they should be checked before deleting the entries.

This process is just a simple scan and does not try to fix any problems. It will show things that may not be threats, but should be checked. If anything shows up, you should try to repair the damage or hire someone to do it. I am not a security expert, but a programmer who discovered these types of things in a friend’s blog. After many hours of checking I was able to fix the problem, but a professional could have done it faster and easier, although they would have charged for it.

You probably do not have a backup of your blog, so if this scan shows you are clean, your next step is to install one of the plugins that does regular backups of your system. Next, make sure you have the latest WordPress version.

If you think you have problems, the first thing to do is change your user ID and password. Next, make a backup of the infected system. Any repairs to WordPress might delete important data, so you might lose posts, and the backup will help you recover missing posts.

The next step is to install the latest version of WordPress. The new versions usually have fixes for older threats.

You may want to export your WordPress posts, make a new clean installation of WordPress, and then import the old posts. If this doesn’t work, it is time to get a pro involved.