I’ve been discussing security issues with timestocome and had a go at writing a little hack alarm script. It is designed to pick up when someone has put comments or posts containing malicious code directly into your database (bypassing WordPress security) or uploaded executable files to your web server file system. This is not a very complete test but it might be useful when combined with other security checks. It does nothing to actually protect your system. My main aim is to prevent users being affected by malicious code and google blacklisting the site.
It gives you the following features:
- a filter which checks post (including page) and comment content. If it finds anything (there’s an array of strings it checks for – it’s pretty agressive, by default it flags up “javascript” with a colon on the end [I can't type it here cos I'm running the script!]) then it displays a message above the page/post and completely HTML encodes the content (so a malicious “<iframe>” would become “<iframe>” thus disarming it)
- a dashboard widget which scans all files from ../.. (which on a standard install is ‘public_html’ since the script runs in ‘wp-admin’) and alerts you to any files with execute permission (which is a bad sign).
- the dashboard widget lists any posts/comments which trigger the above checks
Here’s the zip file.
