• Hey All

    I’ve been doing some in-house research and finding various tools and methods to proactively scan my systems for hacked wp files. I’m open to trying new software; if I miss any great tools please let me know.

    Things I’ve tried:

    findbot.pl
    -this is a great tool, but reported so many false positives that it was borderline useless to me. is that the experience others have had?

    wpscan
    -i have not taken the leap to this – does anyone have any insight they’d be willing to share here?

    wordfence
    -i am new to this tool, but the daily scans against repo signatures have proven useful, it has caught infected/compromised files that both findbot.pl and clamav have missed

    what I’m hoping for is:

    -are there any red flags for reasons NOT to run any of these?

    -are there better tools out there that i’m overlooking?

    -how do yall accomplish this?

    thanks for your time and input!

Viewing 7 replies - 1 through 7 (of 7 total)
  • All I use is Wordfence and a few simple .htaccess and functions.php additions for ongoing security.

    Thread Starter bernbe01

    (@bernbe01)

    thanks wslade!

    in wordfence, do you use any of the optional scan settings?

    i.e. scan plugin files against wordpress repo
    same with themes
    scan files outside of wordpress
    treat images as executable

    out of paranoia i’ve been turning these on, do you feel these are necessary?

    I check all the boxes in the “Scans to include” section. Even paranoid people are sometimes really being followed.

    The only thing in the group that is the least bit questionable is the “treat images as executable” option, and the hacking programs are starting to use apparent image files. They know we don’t delete wp-contents when we update or repair a site. So the upload files make a great place to hide a backdoor.

    Thread Starter bernbe01

    (@bernbe01)

    i really appreciate your insights here, thank you

    so i’ll take that to mean you always check off high sensitivity scan as well. i’ll have to try that tonight on some sites and see how it affects load. so far wordfence has proven to usually stay under 40 Mb usage at peak on each install

    Thread Starter bernbe01

    (@bernbe01)

    i’m reading the great article on your blog currently. thanks for sharing!

    Thank you. Yes, I check high sensitivity. I use Wordfence on all my own sites and I haven’t had any memory issues. I allocated whatever memory requirement it suggested, but I don’t remember what it requested. Also, I haven’t had a false positive from the high sensitivity yet.

    I leave Wordfence in every site I repair. It’s a very good security tool for ongoing protection.

    Thread Starter bernbe01

    (@bernbe01)

    awesome, i’ll try that out tonight and see how it impacts things if at all

    thanks for your time

    i’m still open to hearing more pitfalls/advantages/approaches

    i forgot to add that on the server side i run fail2ban with some custom jails to monitor known exploit URLs and it acts as a backup for Wordfence’s login blocking if wordfence gets munged up

    fail2ban has proven to be configurable and accurate at monitoring many apache logs at once

    the servers also have timer-based scripted permission resets on all files and folders in webdirs to ensure proper permissions regardless of what clients override them to. if they need special perms they have to contact me so I can add an exception

    the biggest challenges for me are when i take over hacked sites and clean them, the hackers come at the site tenfold as well as when i *have* to run old wp versions for specific accounts

    wordfence has a great feature which will hide version numbers so I obviously turn that on for the few older wp’s i have to maintain

    i haven’t taken the leap to MFA yet but based on @wslade’s blog article i’m going to be trying stealth login page on some of the dev sites and see whether users report it as tolerable or not.. i suspect many will not mind this

  • The topic ‘WP Security Scanning Software – Whats your flavor?’ is closed to new replies.