Check my WP site for base64 code?

David Beroff

Well-known member
Registered
Joined
Jun 14, 2016
Messages
1,501
Points
63
Is there a way to scan my WordPress site for potentially malicious code? I read a few articles and they said that I need to check my WP site for base64 code but where and how then they didn't say in details. Can you guide me?
Your help would be appreciated.
 

mobin

Well-known member
Registered
Joined
Jun 22, 2017
Messages
234
Points
28
If you are a website owner, the common and useful security plugin for WP nowadays I am hearing is wordfence. That also has a feature that actively protecting your installation. But I don't have any previous experience with it and cannot recommend; please check user reviews and see if that is useful for you.

Another easy technique is to download your files locally, scan with an updated anti-virus , clean the reported code and upload back to the server. Finally, if you can get hold on your technical support team, check whether the server is loaded with scanner software, so that you can use it to scan.
 

Sean101

Member
Registered
Joined
Apr 15, 2016
Messages
60
Points
8
As my experience, base64 code can in included in your Wordpress file and databases.
Download your files and databases to your PC and using a tool and starting search with base64 or eval. It is better if you can manually check your files and find any suspicious codes because hackers tend to encrypt their codes to protect from viewing.
 

VirtuBox

Well-known member
Registered
Joined
May 3, 2016
Messages
1,622
Points
83
VirtuBox
My opinion = no wordfence ...
Here some command to check your wordpress instance :

Code:
# If the hack was recent, check lastly modified files
$ find . -mtime 0

# Some hacks are nice enough to include a comment for when a block starts/ends  (ex: //istart)
$ find . -type f -name "*.php" | xargs grep -H "istart"

# Normally files with hacks use base64 encoded data in an attempt to hide code
$ find . -type f -name "*.php" | xargs grep -H "base64_decode"

# Eval-ing of code is usually a sign of something naughty (allthough lots of plugins etc use this)
$ find . -type f -name "*.php" | xargs grep -H "eval("

# Sometimes php files are "hidden" inside the javascript assets folder
$ find wp-includes/js -type f -name "*.php"
Source : https://gist.github.com/andersevenrud/63b567e3489aafde64a6
 
Older Threads
Replies
14
Views
7,525
Replies
3
Views
5,035
Replies
1
Views
3,430
Replies
3
Views
1,912
Latest Threads
Replies
0
Views
24
Replies
1
Views
38
Replies
0
Views
227
Replies
1
Views
49
Recommended Threads
Replies
50
Views
19,866
Replies
3
Views
3,307
Replies
5
Views
3,832

Latest Hosting OffersNew Reviews

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top