08-27-2014, 04:22 AM
(This post was last modified: 08-27-2014 03:24 PM by tiger6667.)
Post: #1
Malicious Premium Plugin Alert; How to Detect
How to Avoid, monitor, and save time the easy way; updated version
The malicious plugin catches all of us when we have our guard down. Yes, the "free" premium plugin is great until it breaks your system. There may be a few sites that explain the tools to guard against these malicious plugins and themes, but this post should cover what I have learned "the hard way". These newly posted "premium plugins" may be free initially, but could cost plenty, especially if your time is valuable. Not always touted as the most exciting, the free preventative plugins on wordpress.org are the best investment you can make, and they are free.

1. http://wordpress.org/plugins/baw-wordpre...y-checker/ This plugin will warn you if you're using or installing a vulnerable extension, removed from an official repository, a security must-have plugin! This includes a list of a maximum known plugins to be vulnerable to any web security flaw, and also a list of more than 10.4k plugins removed from repository. Set it, and forget it.

2. http://wordpress.org/plugins/quttera-web...re-scanner/ The Quttera Web Malware Scanner plugin will scan your website for malware, trojans, backdoors, worms, viruses, spyware and other threats as well as JavaScript code obfuscation, exploits, malicious iframes, malicious code injection, malicious code obfuscation, auto-generated malicious content, redirects, hidden eval code and more. Also, it will check whether your website is blacklisted by Google and other blacklisting authorities.

3. https://wordpress.org/plugins/sucuri-scanner/ The Sucuri Security - Auditing, SiteCheck Malware Scanner and Hardening is a security plugin that enables you to scan your WordPress site using Sucuri SiteCheck for security and malware issues, and also verifies the security integrity of your core files right in your dashboard. It includes audit trails and post-hack security options to help you reset passwords and secret keys in case it has been already hacked, or infected with malware. A manual process.

4. https://wordpress.org/plugins/bruteprotect/ Botnets attack millions of websites every day using their Internet-connected programs. BruteProtect is a security plugin that guards against botnets by connecting its users to track every failed login attempt across all installed users of the plugin. When you activate BruteProtect you become a part of an Internet-connected counter force that works against botnets. BruteProtect logs every failed attempt community-wide. When an IP has too many failed attempts in a specific period of time, BruteProtect logs and blocks that IP across the entire BruteProtect network (your site included). The more users of BruteProtect, the safer we all are from traditional brute force attacks, and distributed brute force attacks that use many different servers and IP addresses. BruteProtect is safe for MultiSite and compatible with other security plugins. BruteProtect FULLY SUPPORTS multisite networks, and you'll only need one API key. Go to the Installation tab to learn more about how easy it is to install and use BruteProtect. You can even use it alongside other security plugins, if you so desire.

5. http://wordpress.org/plugins/exploit-scanner/ This plugin searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames. However, it does not remove anything. That is left to the user to do.

6. http://wordpress.org/plugins/6scan-protection/ 6Scan Security is the most comprehensive auto-fix protection your WordPress site can get against hackers. Our security scanner goes beyond the simple rule-based protection of other WordPress security plugins, employing sophisticated algorithms to find and automatically fix security vulnerabilities.

7. http://wordpress.org/plugins/gotmls/ This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus-like threats and vulnerabilities on your server and it helps you remove them.

To identify which plugin is hogging resources, and how to monitor these plugins, I recommend these 2 highly:

1. "Query Manager" http://wordpress.org/plugins/query-monitor/
2. GoDaddy P3 plugin http://wordpress.org/plugins/p3-profiler/

Both plugins are invaluable as they will graphically depict loading and performance information.

Please add max reps if helpful.
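
An added example, not part of the original post and not code from any of the plugins listed: a minimal static check of a plugin archive before it is installed, looking for the kinds of indicators the post names (hidden eval code, hidden iframes, encoded blobs, PHP behind an unusual filename). The patterns, function names, size limit and sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Heuristics for threat classes named in the post (hidden eval code,
# obfuscation, hidden iframes). Patterns are illustrative assumptions.
INDICATORS = {
    "eval-of-decoded-data": re.compile(
        rb"\b(?:eval|assert)\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(",
        re.I),
    "hidden-iframe": re.compile(
        rb"<iframe[^>]*(?:display\s*:\s*none|visibility\s*:\s*hidden)", re.I),
    "long-encoded-blob": re.compile(rb"['\"][A-Za-z0-9+/=]{400,}['\"]"),
}
PHP_EXTENSIONS = (".php", ".phtml", ".inc")
MAX_BYTES = 5 * 1024 * 1024  # assumed cap so an oversized member is not unpacked


def scan_plugin_zip(data):
    """Return sorted (path, indicator) findings for a plugin archive given as bytes."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir() or info.file_size > MAX_BYTES:
                continue
            body = archive.read(info)
            for name, pattern in INDICATORS.items():
                if pattern.search(body):
                    findings.add((info.filename, name))
            # PHP code hiding behind an image or text extension.
            if b"<?php" in body and not info.filename.lower().endswith(PHP_EXTENSIONS):
                findings.add((info.filename, "php-in-non-php-file"))
    return sorted(findings)


def build_sample_zip():
    """Constructed sample archive: one clean file and three suspicious ones."""
    files = {
        "demo-plugin/demo-plugin.php": b"<?php\n/* Plugin Name: Demo */\nadd_action('init', 'demo_init');\n",
        "demo-plugin/inc/license.php": b"<?php eval(base64_decode('ZWNobyAxOw==')); ?>",
        "demo-plugin/footer.html": b'<iframe src="http://example.invalid/" style="display:none"></iframe>',
        "demo-plugin/assets/logo.png": b"\x89PNG<?php echo 1; ?>",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for path, content in files.items():
            archive.writestr(path, content)
    return buf.getvalue()


if __name__ == "__main__":
    for path, indicator in scan_plugin_zip(build_sample_zip()):
        print(f"{indicator:24} {path}")
```

A hit is a reason to read the file by hand, not a verdict; a clean result does not prove the archive is safe.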
08-27-2014, 12:06 PM
Post: #2
RE:
You missed the most important one: Wordfence
08-28-2014, 06:25 AM
(This post was last modified: 08-28-2014 06:25 AM by Worf.)
Post: #3
RE:
Thank you, great Tut :)
And a "Must Have" for all WP Users https://www.tipsandtricks-hq.com/wordpre...all-plugin
best regards