WordPress scanner plugin to detect and clean up malware injection in the database?

L

Leonid2020-03-05 11:42:45

Malware

Leonid, 2020-03-05 11:42:45

This is the Malware JavaScript code that was added to the end of every post and page on the WordPress site:

Cured by rolling back to a backup made 3 days ago. I scanned it with the Wordfence Security

plugin - it didn't find anything. I found a copy of the site's files from a month ago - I compared it with the files of the infected site - I did not find any suspicious changes in the files. I'll write about it in Wordfence Security support - so that they add it, but still I wonder what other scanner plug-in can I use? If there are no changes in the files, what remains: - an outdated version of WordPress 4.9.13 - a vulnerability in the theme - a vulnerability in older versions of some plugins used

- did the infection on the computer of users-editors with access to the admin panel
miss anything?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

V

vldud, 2020-03-06
@vldud

I often use AI-Bolit https://revisium.com/ai/
It's free, it detects malicious code well. If you need to check the database, then make a dump and feed the file with sql to the antivirus.

L

Leonid, 2020-03-06
@easycode

I wrote to Wordfence Security support - I hope they will add the signature of this code to their database)

M

MrGroovy, 2020-11-24
@MrGroovy

Missed nothing. In my opinion, the most likely cause is an outdated WP. This version doesn't properly filter comment content (with default settings), which is an XSS vulnerability. Thus, JS code can be added under each post and Wordfence Security will not show anything.
To find these and other vulnerabilities in WordPress, you can use the WP Scanner.
Offhand, these are:
- https://metascan.ru ;
- wprecon.com
- hackertarget.com/wordpress-security-scan.
Vulnerabilities in themes and exploits in older versions of plugins can play a role. Especially free "cracked" ones, you can often find malicious code in them.