Detecting Malware on your WordPress Blog – Atlanta

Detecting Malware on your WordPress Blog – Atlanta

Ran across this article written by   on ghacks.net.  If you live in Atlanta, have a  wordpress site, and have several different plugins running, Martin’s article is for you. So we are passing on the love.

Snitch is a new plugin for WordPress that monitors the outgoing network traffic activity of the blog. You can compare it to a limited firewall that is set to monitor by default. While monitoring may be useful enough for some purposes, the real strength lies in the ability to block further outgoing connections to select addresses.

WordPress in many aspects requires as much attention as the operating system of your computer. One of the things that you should monitor regularly are the outgoing connections that the blog software or installed plugins make. This can not only be useful to detect malware before it is running rampant on the blog and affecting search engine rankings and the blog’s reputation, but also to make sure that plugins or scripts do not phone back home.

Say you have installed a plugin that you really like, but noticed that it phones home whenever a blog article is updated. If there is no reason for that, you may prevent that from happening. The same can be true for other connections that are made by plugins, scripts or even WordPress itself. You can also use it to prevent regular connections from being made, say the pinging of specific destinations.

Once you have installed Snitch on your blog, it will automatically record all outgoing connections that are made on it. You can test that right away by updating or publishing an article, or wait some time to watch the list grow naturally.

 

Each connection is listed with its destination, the file that caused it, the state, code and time the connection happened.  For each WordPress file, you also see the line of code that originated the connection which can help you with your research. The program furthermore highlights if the file is a WordPress Core file or a plugin or theme.

When you hover the mouse cursor over an entry, you get options to block hosts or files so that they can’t create new connections anymore.

To read the rest of the article.