WP-MalWatch WordPress Security Plugin
Improving WordPress blog security requires a combination of vulnerability detection, attack blocking, and scanning. The authors at How-To-Blog.TV have several recommendations when it comes to vulnerability detection and security attack blocking. However, we could not find a simple solution for taking the chore out of scanning for evidence of malware in a WordPress blog. So we contracted a great WordPress plugin developer to write WP-MalWatch for us. WP-MalWatch was released on January 27, 2009. It is a FREE plugin and is awaiting approval in the WordPress subversion repository.
WP-MalWatch is a WordPress security plugin designed to scan a WordPress blog on a nightly basis to alert a blog owner of potential malware or other evidence of a compromised blog installation. The current version of WP-MalWatch is 1.1.0 and supports:
- Scanning the Uploads directory for PHP files. (symlink friendly)
- Scan entire installs for multiple .HTACCESS files (symlink friendly)
- Dashboard Widget
- Report Page
WP-MalWatch requires WordPress 2.9 and PHP5. If you aren’t on those platforms, shame on you as you are asking for security issues!
WP-MalWatch is a FREE WordPress plugin created by Orangecast Social Media in Dallas, TX. There are three ways you can contribute:
- Provide constructive feedback and ratings on the plugin in the WordPress plugin repository.
- Donate to the future development of WP-MalWatch.
- Contribute to the plugin by writing a scanning module.
WP-MalWatch was built in a highly modularized fashion that allows for detection tasks to be added to the overall WP-Malwatch framework. Planned future scanning capability additions include:
- Detection of Ecode64 PHP injection strings in core WP files.
- Planting of multiple .HTACCESS files.
- Detection of URLs in theme files based on specific keywords (e.g. http://abcdomain.com/cheap-software)
- Custom Scheduling
- Email notifications
If you are interested in contributing a scanning module to WP-MalWatch or having a scanning module idea, please contact us at wp-malwatch /@/ how-to-blog.tv. If you would like to contribute to How-To-Blog.TV as a guest writer in the area of security or securing WordPress, please contact at info /@/ how-to-blog.tv as we can always use writers who are passionate and knowledgeable about WordPress and blogging.