Beta version of new plugin: HTML output filter

Hi,

I’m fairly new to plugin writing and I’m new to the forums here. I’ve been working on a plugin and I’m just releasing this for experienced webmasters and coders to have a play with and in the hope of getting feedback (positive or negative). If it gets a good response then I’ll put more effort into improving and maintaining it. I’ve been testing it on WordPress 2.9.2.

Recently we’ve seen hacks which target hosting services rather than wordpress itself. Those of us who use such shared hosts can’t tinker with things like apache and database security much and sometimes our blogs and vulnerable without us being able to do anything about it.

This plugin does 2 things:
1. It can filter every page (except admin pages) output by wordpress and strip out anything it doesn’t like (this is off by default and requires editing “index.php” to turn it on)
2. It can check your site for links to bad domains and malicious script.

It works using whitelists rather than blacklists since they are unreliable (google “security whitelist blacklist” for a whole load of articles explaining why) so you’ll have to add all the domains used in links/images/whatever and all blocks of script. To do this you can check a box when you first scan to automatically include everything in the whitelist straight away.

The idea is that if someone hacks your DB directly or your themes then the filter will prevent most of the damage done (for example, being blacklisted as a site associated with malware).

It does nothing to prevent your site being hacked in the first place but keeping up to date with the latest versions of WP and plugins and using strong passwords should do that.

Here’s more information and a link to the zip file:
https://www.jameswilkesdesign.co.uk/wordpress-html-output-filter/

Cheers,

James Wilkes