WP-MalWatch Released to Protect Your Blog From Hacking Varmints

by Jerod Morris on January 29, 2010


To all the hackers out there who would use other people’s blogs for their own personal gain, I say shame on you. What a bunch of dirty, stinking, rotten, no-good varmints.

That’s right, varmints.

It’s not a word that you hear every day, but it is certainly applicable to any conversation about hackers. Here is the definition:

var-mint; n – 1) an irritating or obnoxious person; 2) any usually predatory wild animal considered undesirable

Sounds about right.

I have wasted a good bit of time over the last few months dealing with the constant headaches of a hacked site, so the concept of hackers is one that has me, well, pretty hacked off right about now.

But luckily, I come to you today with good news for all of us who proudly use WordPress as our blogging engine of choice, for we now have one more weapon in the constant fight against unwanted intrusion: WP-MalWatch.

WP-MalWatch 1.0.2
Downloaded 124 times

What is WP-MalWatch?

WP-MalWatch is a WordPress security plugin that, as a part of the Orangecast Social Media team, I am proud to have been involved in developing. It performs a very simple task that can save bloggers a lot of time while providing much needed peace of mind.

Why Was WP-MalWatch Developed?

When we realized that a plugin with this functionality was not just desirable, but necessary, we contracted developer Nick Ohrn to take WP-MalWatch from idea to execution.

This post officially announces the release of WP-MalWatch, which can be downloaded from the WordPress Plugin directory. The plugin is ready and willing to be deployed on your website to help you flush out unwanted, unnecessary, and potentially destructive varmint files in your uploads directory.

The uploads directory, which is found within the wp-content folder of your WordPress install, is used for images, mp3 files, videos, etc. There should not be .php files or anything similar in this directory; however, it is a frequent target of hackers because it typically has more lax file permissions to facilitate the access that WP needs to run effectively.

When one of the sites I manage got hacked, I was constantly finding .php files, .htaccess files, and new index files in different folders within the uploads directory. This was leading to all kinds of devastating issues with the website, including a complete tanking of the site’s Google rankings (and traffic) because link juice was being drained by hundreds of hidden links on page after page of the site.

It was awful.

I found myself getting to the office and going one-by-one through the uploads folders every morning. If I had a nickel for every second I spent laboriously going through this directory, I could probably quit my job right now and never work again. As it was, I felt like hurling my laptop against the wall every day that I kept on finding new varmint files where they shouldn’t be.

And out of this frustration, WP-MalWatch was born.


WP-MalWatch will help you find the unwanted varmints in your uploads directory. You'll have to supply the gun though. (Image source: LarryWillis.com)

What Does WP-MalWatch Do?

Once every 24 hours, WP-MalWatch scans the uploads directory to make sure that there is nothing present that looks suspicious.

If everything looks good, you are alerted with a message in the dashboard. If something looks suspicious, you are also met with a dashboard message and can then go investigate for yourself to see what is going on.

Either way, you’ll know what’s going on in your uploads directory without having to waste time combing through it yourself.

What Does WP-MalWatch Not Do?

WP-MalWatch does not actually clean out your uploads folder, nor would you want it to.

You are provided with the complete path to the file so that you can easily locate it via FTP or however you manage your WordPress files. This allows you to investigate it, assess what needs to be assessed, and then you can take the proper course of action.
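
The same kind of check, as an added example that is not WP-MalWatch's own code: a small Python scanner that walks an uploads tree and reports the full path of anything that looks out of place, deleting nothing. The detection rules are assumptions drawn from the file types named in this post (.php files, .htaccess files, index files), and the sample tree is constructed.

```python
import os
import tempfile

# Assumed rules, based on the file types this post says turned up in a hacked
# uploads directory; they are not WP-MalWatch's actual detection list.
SCRIPT_EXTS = {".php", ".php3", ".php4", ".php5", ".phtml", ".phar"}
SUSPECT_NAMES = {".htaccess"}


def classify(filename):
    """Return a reason if the name looks out of place in uploads, else None."""
    lower = filename.lower()
    if lower in SUSPECT_NAMES:
        return "server config override"
    # Check every dot-separated part so 'logo.php.jpg' is caught too.
    parts = lower.split(".")[1:]
    if any("." + part in SCRIPT_EXTS for part in parts):
        return "executable script extension"
    if lower.startswith("index."):
        return "index file"
    return None


def scan_uploads(root):
    """Walk root and return sorted (absolute_path, reason) pairs; report only."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            reason = classify(name)
            if reason:
                full = os.path.abspath(os.path.join(dirpath, name))
                findings.append((full, reason))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample layout mimicking wp-content/uploads/YYYY/MM."""
    sample = ["2010/01/photo.jpg", "2010/01/song.mp3", "2010/01/cache.php",
              "2009/12/.htaccess", "2009/12/index.html", "2009/11/logo.PHP.jpg"]
    for rel in sample:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, reason in scan_uploads(tmp):
            print(f"{reason}: {path}")
```

Pointed at a real uploads directory from a daily cron job, `scan_uploads` gives the same once-a-day list of paths to investigate by hand.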

The great part about WP-MalWatch is that it scans once a day so you’ll never have to go longer than 24 hours without knowing if something fishy is going on in your uploads directory. Speaking from experience, that is a godsend.

Why Should You Install WP-MalWatch on Your Blog?

My favorite plugins save me time, protect my blog, or provide functionality that I think my readers will enjoy. This plugin achieves two of the three and has already saved me time just in the day I’ve had it installed.

The way I see it, you now have two options:

  1. Discount the very real probability that some nefarious hackers are trying to get into your site right now to either cause gratuitous harm to you, or to use your site for some other purpose that will benefit them (and hurt you too, of course).
  2. Understand the exigent security risks that every blog faces and add WP-MalWatch to your arsenal of defense.

Why stick your head in the sand? It will only come back to bite you.

I know. It bit me.

So check out the plugin, please leave any questions here or at the official WP plugin page, and be on the lookout for future versions and upgrades, which will support the detection of Encode64 PHP injections, multiple .HTACCESS files, and spammed keyword links in theme files.

We believe so strongly in WP users increasing their focus on security that we added it as a fifth pillar to this site. Our blog security section provides information on the topic and recommendations for products and services that can help prevent hackers, including affordable live detection/blocking software [affiliate link].

Don’t learn the hard way. Take it from us.

Be proactive about security now, so that you can minimize the time, money, and energy that you’ll have to spend on it later.

[Note: No varmints were harmed in the writing of this post. But hopefully with the help of WP-MalWatch, many hacking varmints will be harmed as a result of this post.]


How-to-Blog.tv Disclosure of Material Connection: This post contains one affiliate link, as denoted in the text. The authors of How-to-Blog.tv do not receive any compensation from downloads of WP-MalWatch. Regardless, we only recommend and endorse products, sites, and plugins that we use ourselves. We are disclosing this in accordance with the Federal Trade Commission’s 16 CFR, Part 255: “Guides Concerning the Use of Endorsements and Testimonials in Advertising.”
