WPScan WordPress Security Scanner – BackTrack 5 R3

Viewing 4 posts - 16 through 19 (of 19 total)
  • #7486
    AITpro Admin
    Keymaster

    UPDATE: BPS Pro 13.3+ and BPS free 2.4+ versions have a malware scanner > BPS MScan Malware Scanner
    You can use the BPS MScan Malware Scanner to detect hacker files or code anywhere under your Hosting Account or database.

    If you are using the String Finder tool then search for one of the WordPress “author links” functions.  If you are using the cURL scanner then search for the actual username.  The String Finder tool searches for code and text before it is outputted to the Browser – a WordPress “author links” function.  The cURL scanner searches for outputted code in your Browser – your username/user account name that is outputted by one of the WordPress “author links” functions.

    #7489
    Andre
    Participant

    Okay.
    As I cannot use the cURL scanner in my hosting environment, I tried it with:

    Searched "/var/www/virtual/website.com/htdocs/wp-content/themes" for string "the_author_link":
    
    No results returned
    Searched "/var/www/virtual/website.com/htdocs/wp-content/themes" for string "the_author":
    
    No results returned
    Searched "/var/www/virtual/website.com/htdocs/wp-content/themes" for string "the_author_posts_link":
    
    No results returned
    Searched "/var/www/virtual/website.com/htdocs/wp-content/themes" for string "get_author_posts_url":
    
    No results returned

    and

    Searched "/var/www/virtual/web-assembler.com/htdocs/wp-content/themes" for string "get_the_modified_author":
    
    No results returned

    in

    /var/www/virtual/website.com/htdocs/wp-content/themes

    more to do?

    #7491
    AITpro Admin
    Keymaster

    Try just using the search words – author and authors.  Also search your plugins folder for these search words.  There are 14 different WordPress author functions and all of them contain the word author or authors.
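
A local equivalent of the broad "author"/"authors" search suggested in the post above, as an added example that is not part of the original thread or of BPS. It walks a wp-content tree and reports every PHP call whose function name contains "author", with file and line; the names `find_author_calls` and `build_sample_tree` and the sample theme and plugin files are hypothetical and constructed for illustration.

```python
import os
import re
import sys
import tempfile

# PHP function names are case-insensitive. Match any call whose name contains
# "author" (this also covers "authors"), e.g. the_author(), wp_list_authors().
AUTHOR_CALL = re.compile(r"\b(\w*author\w*)\s*\(", re.IGNORECASE)


def find_author_calls(root):
    """Return sorted (relative_path, line_number, function_name) tuples."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue  # only PHP templates can call these functions
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    for m in AUTHOR_CALL.finditer(line):
                        rel = os.path.relpath(path, root)
                        hits.append((rel, lineno, m.group(1)))
    return sorted(hits)


def build_sample_tree(root):
    """Write a constructed wp-content tree (hypothetical theme and plugin)."""
    samples = {
        ("themes", "sample-theme", "single.php"):
            "<?php the_title(); ?>\n<p>By <?php the_author_posts_link(); ?></p>\n",
        ("plugins", "sample-plugin", "widget.php"):
            "<?php\necho get_author_posts_url( $user_id );\nwp_list_authors();\n",
        ("themes", "sample-theme", "style.css"):
            "/* Author: nobody (not PHP, so it is skipped) */\n",
    }
    for parts, body in samples.items():
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)


if __name__ == "__main__":
    # Pass your own wp-content path, or run with no argument for the sample.
    with tempfile.TemporaryDirectory() as tmp:
        root = sys.argv[1] if len(sys.argv) > 1 else tmp
        if root == tmp:
            build_sample_tree(tmp)
        for rel, lineno, func in find_author_calls(root):
            print(f"{rel}:{lineno}: {func}()")
```

Each reported line is a place where a theme or plugin may print the account name, so it is where to look before changing the Admin account.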

    #7492
    AITpro Admin
    Keymaster

    If your username/User Account is ALREADY known and is being used in Brute Force password attacks then you will first need to ensure that your username/User Account is not publicly displayed anywhere and then create a new Admin account and delete the old Admin account.  Be sure to associate all posts and pages with the new Admin account when deleting the old Admin account.
