Malware
qwert566, 2020-12-17 16:58:31

How to control the appearance of new Trojan files in WordPress?

So I want to know and control all my files on the server, I installed the necessary modules, but I come to the conclusion that this is impossible with WordPress, is it?

First I installed All In One WP Security, I got interested in the scanner. The scanner reports all the changed files and new ones, but core files are updated automatically, plugins are also constantly updated, so it will always show that something has changed, one wonders why the hell is it needed at all? Demolished.

I installed WP Cerber Security, where the scanner acts smartly - it compares the file on the server with the file in the repository, and if there is no difference, then everything is OK, if there is, it reports. Part of the problem has been solved.

But what about the new files that have appeared? Is there a plugin that says that this file or folder does not belong to the WordPress core or plugins?

After all, it is not always possible to understand what kind of file it is, whether it is a virus or necessary, whether to delete it or not. I will give simple examples.

Compared to the last check, Cerberus says I have the following files:

\wp-admin\js\application-passwords.js
\wp-admin\includes\class-wp-application-passwords-list-table.php

I opened them and looked at them: normal code. And what should I do with them? How do I understand whether some plugin installed them or not? In addition to new and changed files, WP Cerber Security shows "Unaccompanied files", marking some of them as suspicious code, but in this list of marked files there are many legal files, for example:

\wp-admin\user-new.php

...which is related to the core. The function is also useless.

So what should I do to keep the files on the server under control?

PS Updates are done in a timely manner, I do not install incomprehensible plug-ins.


2 answer(s)
Eugene, 2020-12-17
@iamd503

project in git, and check via git status)

m0ze, 2021-01-30
@m0ze

> So I want to know and control all my files on the server, I installed the necessary modules, but I come to the conclusion that this is impossible with WordPress, is it?

No, not like this. Control is possible both at the WordPress level and at the file system level.

> First I installed All In One WP Security, I got interested in the scanner. The scanner reports all the changed files and new ones, but core files are updated automatically, plugins are also constantly updated, so it will always show that something has changed, one wonders why the hell is it needed at all?

The answer is in the question itself: track changes in files with an emphasis on traces of hacking.

> I installed WP Cerber Security, where the scanner acts smartly - it compares the file on the server with the file in the repository, and if there is no difference, then everything is OK, if there is, it reports. Part of the problem has been solved.

Not a part, you just haven't delved into all the nuances of the plugin.

> But what about the new files that have appeared?

"Cerberus" marks new files in its report; look at the plugin settings at /wp-admin/admin.php?page=cerber-integrity&tab=scan_settings, options:
- Monitor new files: [Executable files | All files];
- Monitor modified files: [Executable files | All files].

> Is there a plugin that says that this file or folder does not belong to the WordPress core or plugins?

Check out Website File Changes Monitor, maybe this plugin will suit you.
Oops: similar functionality - all of a sudden! - is quite easy to get around when hacking, so don't rely on these plugins too much.

> After all, it is not always possible to understand what kind of file it is, whether it is a virus or necessary, whether to delete it or not.

How do you expect that without experience with malware, but with a plugin and clicking the mouse, you will cope? This is a bit of a different area for everything to be so primitive. All scanners have their own side effects, including false positives when legitimate files are included in the report. We went through the top plugins in one article ][, read it.

Instead of plugins, it's better to take a closer look at Git or tracking changes at the FS level, if you have at least a VPS, and not a shared one (there can be several solutions in general, ranging from scripts to third-party software), and don't forget about regular backups.
