Finding compromised plugins in WordPress

I’ve just released version 0.1.2 of wp-checksum, a new wp-cli subcommand.

Wp-cli has been able to verify checksums of the WordPress core for some time now. This is a powerful command whenever you’re dealing with a site that might be hacked. With Wp-checksum, we bring the verification functionality to standard plugins and themes as well. Finding one or more files in a WordPress installation that have been altered is a very serious warning signal. Having a tool that checks each individual file automatically is very powerful.

What does it do?

The tool will index every single file inside each theme or plugin folder and calculate a checksum for it. That checksum is then compared to the checksum of the same file in the original plugin code. Wp-checksum also detects new files that have been added to the plugin folder. Any plugin and theme that was originally installed from the WordPress repository can be checked.
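The index-and-compare step described above, as an added Python example (not wp-checksum's own code). It assumes SHA-256 as the checksum and a reference manifest that maps relative paths to digests; the status names are hypothetical, and it goes slightly beyond the text by also reporting shipped files that are missing on disk.

```python
import hashlib
import tempfile
from pathlib import Path

def file_sha256(path):
    """Hash a file in chunks so large assets are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def index_folder(root):
    """Map each file under root (relative POSIX path) to its checksum."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_sha256(p)
            for p in root.rglob("*") if p.is_file()}

def compare(local, reference):
    """Return sorted (path, status) rows; unchanged files are omitted."""
    rows = []
    for path in sorted(set(local) | set(reference)):
        if path not in reference:
            rows.append((path, "ADDED"))       # file the release never shipped
        elif path not in local:
            rows.append((path, "DELETED"))     # shipped file missing on disk
        elif local[path] != reference[path]:
            rows.append((path, "MODIFIED"))    # content differs from release
    return rows

def demo():
    """Constructed sample: index a pristine plugin folder, then alter it."""
    with tempfile.TemporaryDirectory() as tmp:
        plugin = Path(tmp, "example-plugin")
        (plugin / "inc").mkdir(parents=True)
        (plugin / "example-plugin.php").write_bytes(b"<?php // main\n")
        (plugin / "inc" / "helper.php").write_bytes(b"<?php // helper\n")
        (plugin / "readme.txt").write_bytes(b"Example plugin\n")
        reference = index_folder(plugin)  # stands in for the original release
        # Change one file, add one the release never had, remove one.
        (plugin / "inc" / "helper.php").write_bytes(b"<?php // helper changed\n")
        (plugin / "inc" / "extra.php").write_bytes(b"<?php // extra\n")
        (plugin / "readme.txt").unlink()
        return compare(index_folder(plugin), reference)

if __name__ == "__main__":
    for path, status in demo():
        print(f"{status:9} {path}")
```

The reference manifest must come from a source the site itself cannot write to; a manifest stored alongside the plugin can be rewritten by whoever altered the files.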

The default output format is a standard wp-cli formatted table, but there are options to output as JSON, YAML or CSV as well.

WP-checksum output

At this point, the wp-checksum command uses a centralized database that keeps track of all versions of all themes and plugins on the repo, accessible via an API. Using a centralized database is not only beneficial for performance reasons; it also means that over time we should be able to include some of the most popular premium plugins in there.

It’s on GitHub

To install and try wp-checksum on your installation, head on over to GitHub to read more and get the installation instructions.
