how to detect outdated plugins system wide OR how do hackers find sites?

Hi kdelayed,

This plug-in may help you:
– It’s a One Click Plugin Updater.

Another alternative might be Manage WP which I use to manage all of my sites: https://managewp.com

I have about 12 sites so far and with just 1 click I update ALL of the plugins (and wordpress itself). Plus you can do 1 click installs and copies and backups etc very easily.

It’s not cheap though which can be stumbling block if the sites arn’t profitable.

Hope this helps!

Johnny

I dont have access to each client’s WordPress dashboard

That makes it challenging. If they dont want to or are unable to do so then your client may want to pay you or someone to do the maintenance.

If you have file level access via FTP or whatever file management tools your host provides you with then try making a complete backup of your clients wp-content/plugins directory and restore that onto your own installation.

Once on your installation upgrade the plugins. That will get you an upgraded set of plugins which you can then transfer back.

The same can be done with themes too but be careful. People modify themes all the time.

Thanks for the suggestions folks.

Since I’m just working with these people temporarily (yet the problem comes up often for me), I need a more portable solution than managewp.com. But I can suggest it to web developer.

I’ve been working on this on and off all weekend and have come up with a few helpful things, but no total solution. Since I have ssh access to the server:

This finds all the php files that have been changed in the last 1 day
find -mtime -1 -print | grep *.php

This prints out the version for each WordPress installation in the directory:
find . -name ‘version.php’ -path ‘*wp-includes/*’ -print -exec grep ‘$wp_version =’ {} \; -exec echo ” \;

This was the best search line I found for finding timthumb:
find . | grep php | xargs grep -s timthumb

As far a hacker tools and things that work from outside the server, I gave up on metasploit and am currently playing with wpscan:
https://code.google.com/p/wpscan/
It still does more than I need but is way more focused than the other programs I’ve tried. I need to mess around with it some more, but I havent gotten the most important feature (to me) working
Plugin vulnerability enumeration (based on plugin name)
I also havent figured out how to give it a list of sites. Giving it 17 sites one at a time is possible but a pain. I want it to either take a list of sites as input or (if i.p. addresses work this way, I’m not sure if all the sites would have the same address) 1 i.p. and find all the sites host there.

Anyway, I’m still up for suggestions and maybe these partial ideas will help someone dealing with many WordPress installs.