Scan WordPress with Sucuri Malware SiteCheck Plugin

It is important to note that the WordPress core receives constant, significant updates, most of them aimed at improving its security and, incidentally, at improving the administrator tools and blog functionality.

This article covers how to scan WordPress with Sucuri Malware SiteCheck.

Third-party plugins and themes, however, continue to be constantly affected by vulnerabilities of all kinds. The most common are SQL injection, XSS (Cross-Site Scripting), RFI, CRLF, CSRF and Base64, followed by malware, which affects a significant share of the sites that run on this CMS, the most widely used in the world. Not surprisingly, there are currently more than 75 million websites running on WordPress.

That is why one of the most important aspects to take into account when working with WordPress is security, which we have already covered on this blog on previous occasions and which we address in this article, focusing on the detection of malware, the leading cause of website infection today.

Blocking requests in WordPress using .htaccess

Periodically scanning a WordPress site is just as important as preventing the site from being probed externally, mainly by malicious users whose tools send requests and use the responses to profile vulnerable sites that are likely to be attacked.

The following code is a robust set of rules that can be inserted into your website's .htaccess file to block URL requests used by many of the common WordPress injection attacks:

# Rule 1: refuse HTTP methods the site does not need (403 Forbidden)
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ - [F,L]
# Rule 2: refuse suspicious query strings (conditions are OR-ed) unless the visitor is logged in
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*("|'|<|>|\\|\{|\|).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare).* [NC]
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
RewriteRule ^(.*)$ - [F,L]
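
Before deploying rules this broad, it helps to replay requests against them. The following added example (not part of the original article) runs constructed requests through a subset of the query-string patterns above and shows that some benign requests are rejected too. It assumes the conditions are case-insensitive and OR-combined, with the logged-in cookie acting as an exemption; the function names and sample requests are illustrative.

```python
import re

# Subset of the query-string patterns from the rule set above.
# Assumption: each condition is case-insensitive and OR-combined ([NC,OR]).
PATTERNS = [
    r"\.\.\/", r"boot\.ini", r"tag\=", r"ftp\:", r"http\:", r"https\:",
    r"base64_encode.*\(.*\)", r"^.*(%24&x).*",
    r"^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).*",
    r"^.*(globals|encode|localhost|loopback).*",
    r"^.*(request|select|insert|union|declare).*",
]
COMPILED = [re.compile(p, re.IGNORECASE) for p in PATTERNS]
LOGGED_IN = re.compile(r"^.*wordpress_logged_in_.*$")
BLOCKED_METHODS = re.compile(r"^(HEAD|TRACE|DELETE|TRACK)", re.IGNORECASE)


def matching_rules(query_string):
    """Return the patterns that match the raw (still URL-encoded) query string."""
    return [p.pattern for p in COMPILED if p.search(query_string)]


def is_blocked(method, query_string, cookie=""):
    """Emulate both rules: method filter, then query filter with cookie exemption."""
    if BLOCKED_METHODS.search(method):
        return True
    if LOGGED_IN.search(cookie):
        return False
    return bool(matching_rules(query_string))


# Constructed sample requests: (method, query string, Cookie header)
SAMPLES = [
    ("GET", "p=123", ""),
    ("GET", "file=../../wp-config.php", ""),
    ("GET", "s=how+to+select+a+theme", ""),           # benign search
    ("GET", "redirect_to=https://example.com/", ""),  # benign redirect
    ("GET", "utm_campaign=%E2%9C%93sale", ""),        # benign UTF-8 text
    ("GET", "s=how+to+select+a+theme", "wordpress_logged_in_abc=1"),
    ("HEAD", "", ""),
]


def report():
    return [(m, q, is_blocked(m, q, c)) for m, q, c in SAMPLES]


if __name__ == "__main__":
    for method, qs, blocked in report():
        print(f"{'403' if blocked else 'ok':3} {method:4} ?{qs}")
```

The benign search, redirect and UTF-8 samples are all rejected for anonymous visitors, so review the access log for 403 responses after enabling the rules.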

If we consult the daily trend of attacks on the HackMageddon site, we see variability with occasional peaks that correspond to major attacks on relevant government or company sites.

Analyzing WordPress with Sucuri SiteCheck

To better control what happens in a WordPress installation, on the server side, we are going to focus on the SiteCheck plugin, a free scanner developed by the Sucuri security team, a company of recognized international prestige.

Not to be confused with the commercial Sucuri WordPress plugin offered in Sucuri's service plans, the Sucuri SiteCheck Malware Scanner for WordPress brings a scanner for a WordPress site right inside your WordPress dashboard.

Plugin improvements:

  • Tested for WordPress 5.0 and above.
  • Removed PHP warnings.
  • Improved framework.
  • Improved styles.
  • Removed old malware page.

It is available from the WordPress repository.

The interesting thing here is that the plugin has been tested for the current version of WordPress, and the plugin framework has been adapted so that it is now ready with new features and functionality.

The plugin Sucuri Security – Auditing, Malware Scanner and Security Hardening checks a WordPress site for malware, spam, blacklisting, and other security issues such as redirects in the .htaccess file, hidden eval() code, etc. Best of all, this plugin is completely free.

Analyzing the web online from Sucuri SiteCheck

For those who do not want to install this plugin, or for users of other CMSs such as Joomla, you can always scan your website from the Sucuri project URL.

Sucuri SiteCheck detects various types of malware, SPAM injections, web page errors, disabled sites, database connection issues, and code anomalies that require special attention:

  • Obfuscated JavaScript injections.
  • Cross Site Scripting (XSS).
  • Web defacements.
  • malicious and hidden.
  • PHP Mailers
  • Phishing attempts.
  • malicious.
  • Backdoors (eg C99, R57, Webshells).
  • abnormalities
  • Drive-by-downloads.
  • IP Cloaking.
  • Social engineering attacks.

There are a number of blacklists that monitor for malware, spam, and phishing attempts. Sucuri SiteCheck takes advantage of the corresponding API to check the status of your website on these blacklists:

  • Sucuri
  • Google Safe Browsing
  • Norton
  • AVG
  • PhishTank (specifically phishing).
  • McAfee SiteAdvisor

Anomaly detection has been improved by implementing 1-click options in the Malware SiteCheck scanner. Some of these options provide a high level of security, but together these options reduce the level of risk:

  • Verification of the WordPress version to avoid being vulnerable due to being outdated.
  • Protection of the /Uploads directory.
  • Access restriction to /wp-content.
  • Access restriction to /wp-includes.
  • PHP version check.

Conclusions

On the order of 5 to 10 WordPress vulnerabilities are published weekly, the vast majority related to third-party plugins that are affected by malware, SQL injection, XSS and other vulnerabilities that affect websites developed with WordPress. Plugins like SiteCheck Malware Scanner give us greater control over the current state of a site's security, which helps guarantee its stability.

WordPress offers many plugins and themes that enhance the functionality of a website at minimal cost. However, you have to be aware that they may contain hidden vulnerabilities or even malicious code that can compromise a WordPress website. It is very important to download plugins and themes from trusted developers or sites and to keep them updated at all times to ensure WordPress security.

Reviewing these points will help us keep WordPress more secure:

  • Check if installed plugins and themes are safe.
  • Check if there is a newer version of the installed plugins, themes or the WordPress CMS.
  • Check if the account access credentials are insecure, for example, if the passwords are weak.
  • Check if the WordPress database prefix is easy to guess.
  • Review .htaccess file configuration issues.
  • Check if the root account is used for database access.
  • Check if files and directories have insecure permissions (777).
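
Three of these checks can be automated against the files on disk. The following added example (not part of the original article) reads wp-config.php for the table prefix and the database user, and walks the tree for insecure permissions. It goes slightly beyond the list by flagging any world-writable path rather than only mode 777; the function names and the temporary sample tree are constructed for illustration.

```python
import os
import re
import stat
import tempfile

PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*['"]([^'"]*)['"]""")
DB_USER_RE = re.compile(r"""define\(\s*['"]DB_USER['"]\s*,\s*['"]([^'"]*)['"]""")


def audit(wp_root):
    """Return findings for three checklist items: prefix, DB user, permissions."""
    findings = []
    with open(os.path.join(wp_root, "wp-config.php"), encoding="utf-8") as fh:
        config = fh.read()
    prefix = PREFIX_RE.search(config)
    if prefix and prefix.group(1) == "wp_":
        findings.append("default table prefix wp_")
    user = DB_USER_RE.search(config)
    if user and user.group(1) == "root":
        findings.append("database accessed as root")
    for dirpath, dirnames, filenames in os.walk(wp_root):
        for name in sorted(dirnames + filenames):
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            # Symlinks always report 777 on Linux, so they are skipped.
            if not stat.S_ISLNK(mode) and mode & stat.S_IWOTH:
                findings.append("world-writable: " + os.path.relpath(path, wp_root))
    return findings


def demo():
    """Build a constructed WordPress-like tree with all three problems and audit it."""
    root = tempfile.mkdtemp()
    config = os.path.join(root, "wp-config.php")
    with open(config, "w", encoding="utf-8") as fh:
        fh.write("<?php\ndefine( 'DB_USER', 'root' );\n$table_prefix = 'wp_';\n")
    os.chmod(config, 0o640)
    uploads = os.path.join(root, "wp-content", "uploads")
    os.makedirs(uploads)
    os.chmod(os.path.dirname(uploads), 0o755)
    os.chmod(uploads, 0o777)  # the insecure setting the checklist warns about
    return audit(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```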

This table shows the breakdown of the types of vulnerabilities found in WordPress plugins:

To stay aware of the vulnerabilities that are appearing, it is important to keep informed through trusted sites that constantly publish notices of vulnerabilities discovered by developers and third parties.

Member of the technical support team.
Coordinator of contents in the Blog and in Youtube.
Technical support in CyberProtector. Teacher at University
