[Plugin: Wordfence Security] Feature request: Find malicious JPEG images

  • Resolved cq3abn

    (@mprewitt3abn)


    11 years, 7 months ago

    Hackers can hide WP plugins at JPEG images, as explained on this website: http://ocaoimh.ie/2008/06/08/did-your-wordpress-site-get-hacked/ … see the end of the section with subtitle “Hidden Code”.

    I’m not sure if the current version of WP is still susceptible to this hack, but I have found suspicious JPEG images on my own server in the same folder with known hacker script files. (The JPEG images were suspect because (a) they shouldn’t have been there, and (b) they wouldn’t open with an image viewer. So most likely there were code.)

    It would be nice if your scanner could identify such files.

    http://wordpress.org/extend/plugins/wordfence/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter cq3abn

    (@mprewitt3abn)

    11 years, 7 months ago

    I meant to say “So most likely THEY were code” (i.e., hacker scripts).

    Plugin Author Wordfence Security

    (@mmaunder)

    11 years, 7 months ago

    Thanks for this report.

    I’ve added this as a high priority issue for us to examine and if necessary we’ll ammend the Wordfence detection code to examine JPG’s for code.

    Regards,

    Mark.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘[Plugin: Wordfence Security] Feature request: Find malicious JPEG images’ is closed to new replies.