I got a letter from my host telling me that there were some brute force password attacks coming from my server. I don't engage in any of that kind of wrongdoing, so I assumed that my server must have been compromized. I took everything down and reprovisioned the VPS. And I started everything up from scratch. I made backups before I brought it all down.
Perhaps my WordPress install was compromized and that's how someone compromised my server, I thought. Now I have a clone of the Wordpress site running in Virtualbox and I want to see if there's any kind of way to scan the Wordpress install and find out if there's any signs that it's been compromised.
I'd guess there's a plugin or script that can scan a WordPress installation for exploits.
The scanner gave a ton of results, much of them being pretty ambiguous. It seemed like there were a lot of false positives.
Here's an example. It reported a file:
CSS style used to hide parts of a web page (often used legitimately)
And then it just showed that this file had a CSS style that said:
And that's not a terrible hack or anything. In fact, there were lots of lines like that. I guess I have to scan through them all to see if there's a rootkit or something serious.
I uninstalled the Exploit Scanner and I found Anti-Malware Security and Brute-Force Firewall.
This plugin was described as:
This Anti-Malware scanner searches for Malware, Viruses, and other security threats and vulnerabilities on your server and it helps you fix them.
That sounded good so I installed it. There is a button that says "Run Complete Scan" so I clicked it.
The results list was easy to understand and gave a list of potential threats. These were file names that I could click on and investigate. I didn't find any problems.
I'm pretty pleased with the results of my WordPress malware scans. I don't think I have any exploits, going by these two highly rated WordPress exploit scanners. And I think I'm going to transfer my WordPress site, currently running in VirtualBox, to a live server.