Check my WP site for base64 code?

David Beroff

Well-known member
Registered
Joined
Jun 14, 2016
Messages
1,477
Points
63
Is there a way to scan my WordPress site for potentially malicious code? I read a few articles and they said that I need to check my WP site for base64 code but where and how then they didn't say in details. Can you guide me?
Your help would be appreciated.
 

mobin

Well-known member
Registered
Joined
Jun 22, 2017
Messages
234
Points
28
If you are a website owner, the common and useful security plugin for WP nowadays I am hearing is wordfence. That also has a feature that actively protecting your installation. But I don't have any previous experience with it and cannot recommend; please check user reviews and see if that is useful for you.

Another easy technique is to download your files locally, scan with an updated anti-virus , clean the reported code and upload back to the server. Finally, if you can get hold on your technical support team, check whether the server is loaded with scanner software, so that you can use it to scan.
 

Sean101

Member
Registered
Joined
Apr 15, 2016
Messages
60
Points
8
As my experience, base64 code can in included in your Wordpress file and databases.
Download your files and databases to your PC and using a tool and starting search with base64 or eval. It is better if you can manually check your files and find any suspicious codes because hackers tend to encrypt their codes to protect from viewing.
 

VirtuBox

Well-known member
Registered
Joined
May 3, 2016
Messages
1,622
Points
83
VirtuBox
My opinion = no wordfence ...
Here some command to check your wordpress instance :

Code:
# If the hack was recent, check lastly modified files
$ find . -mtime 0

# Some hacks are nice enough to include a comment for when a block starts/ends  (ex: //istart)
$ find . -type f -name "*.php" | xargs grep -H "istart"

# Normally files with hacks use base64 encoded data in an attempt to hide code
$ find . -type f -name "*.php" | xargs grep -H "base64_decode"

# Eval-ing of code is usually a sign of something naughty (allthough lots of plugins etc use this)
$ find . -type f -name "*.php" | xargs grep -H "eval("

# Sometimes php files are "hidden" inside the javascript assets folder
$ find wp-includes/js -type f -name "*.php"
Source : https://gist.github.com/andersevenrud/63b567e3489aafde64a6
 
Older Threads
Replies
14
Views
6,402
Replies
3
Views
4,605
Replies
1
Views
3,085
Replies
3
Views
1,687
Recommended Threads
Replies
2
Views
1,215
Replies
3
Views
2,998
Replies
1
Views
1,501
Replies
12
Views
4,884
fwh

Latest Hosting OffersNew Reviews

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top