WordPress blogs running old versions of WordPress are vulnerable to various attacks; Donncha published an article on the same topic a few days back. Today he released a plugin called WordPress Exploit Scanner, which WordPress users can use to check their blogs for signs of an attack.
This WordPress Plugin searches the files on your site for a few known strings sometimes used by hackers, and lists them with code fragments taken from the files. It also makes a few checks of the database, looking at the active_plugins blog option, the comments table, and the posts table.
You can also search for other possible strings using the plugin. I used this plugin on this blog and it didn’t find anything, but there are some false positives, including this plugin itself. The author of the plugin says that if it is flagging Exploit Scanner, that is a good sign that it is working.
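The file scan and the self-flagging false positive described above, as an added Python example that is not the plugin's own code (the plugin itself is PHP). The signature strings, function names and sample tree are assumptions constructed for illustration, and the database checks are not covered.

```python
import os
import tempfile

# Assumed signatures for illustration; the page does not list the plugin's own strings.
SIGNATURES = ("eval(base64_decode(", "gzinflate(", "display:none")
EXTENSIONS = (".php", ".js", ".html")

def scan_tree(root, signatures=SIGNATURES, context=30):
    """Return sorted (relative_path, line_no, signature, fragment) hits under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for line_no, line in enumerate(fh, 1):
                    lowered = line.lower()
                    for sig in signatures:
                        pos = lowered.find(sig.lower())
                        if pos != -1:
                            # Keep a short fragment around the match for manual review.
                            frag = line[max(0, pos - context):pos + len(sig) + context]
                            hits.append((rel, line_no, sig, frag.strip()))
    return sorted(hits)

def split_self_hits(hits, scanner_dir):
    """Separate hits inside the scanner's own directory (expected) from the rest."""
    prefix = scanner_dir.rstrip(os.sep) + os.sep
    own = [h for h in hits if h[0].startswith(prefix)]
    return own, [h for h in hits if not h[0].startswith(prefix)]

def build_sample_site(root):
    """Write a constructed three-file tree: clean, injected, and the scanner's own list."""
    files = {
        "index.php": "<?php\nrequire 'wp-blog-header.php';\n",
        "wp-content/themes/demo/footer.php":
            "<?php wp_footer(); ?>\n<?php eval(base64_decode('CONSTRUCTED_PLACEHOLDER')); ?>\n",
        "wp-content/plugins/scanner/signatures.php":
            "<?php $sigs = array('eval(base64_decode(', 'gzinflate(');\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        for rel, line_no, sig, frag in scan_tree(site):
            print(f"{rel}:{line_no}: [{sig}] {frag}")
```

Hits inside the scanner's own directory are reported separately rather than suppressed, so a real injection placed there would still be visible for review.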
To use this plugin you must be running WordPress 2.5.1 or higher. If you have an older version of WordPress, upgrade to the latest version and test for any hack attempts with this plugin.
Download WordPress Exploit Scanner
Nirmal says
I’ll also try this out.
Joel Thomas says
This is one of the must-have plugins for security issues. Maybe the next step would be to have a real-time monitor plugin which will alert the admin in case of any event like this.