Your wordpress got hacked?
This simple tool helps you to find malicious code in your wordpress installation.
PLEASE BE AWARE: This script is new and will be pointing out lots of false positives. Please check all the findings manually! Feel free to send me wordpress malware samples: Ben
Just clone this repo and move following files into your wordpress root directory:
- wp-rex.php
- wp-rex-shell
If there is no redirect (e.g. in the .htaccess-file or via malware) and you can reach your wordpress blog as usual:
- visit
https://url-to-your-wordpress-blog.tld/wp-rex.php
If you do not have web access to your blog, connect to your webspace/server via the command line / SSH and navigate to your wordpress root-directory. Then execute following command:
./wp-rex-detector DAYS(DAYS = check changed files for the last X days - default: 7)
- all-in-one script via url-access
- removed "md5" from search expressions (thx to @felsqualle)
- new regex
- implemented correct modification changes to php-file
- add new regexes on a regular basis
- check for bad file permissions?
- more cool features (send me a feature request @foulenzer)