Is there an app or method to scan numerous wordpress sites for outdated themes and plug-ins?
I’ve removed the virus code and found and deleted 2 php backdoors, but original weakness still remains. I dont have access to each client’s WordPress dashboard to check for things that need to be updated or install security plugins and doing anything 1 at a time on a per site basis isn’t practical anyway.
I have ssh access to the home directory on the server but beyond grepping for ‘tim-thumb’, I dont know what to search for. I havent been able to find any mention of other linux tools for this.
Obviously theres a way to scan multiple sites from the outside because hackers are doing it. But I dont know what they use. Google turned up a zillion potential and sketchy seeming programs. I tried 2 of them (nessus and metasploit) but they didnt seem to work. (metasploit was time-consuming and complicated, I might have been doing it wrong).
Does anyone else run into issues like this?
What do hackers (or preferably, system administrators) use to find vulnerable wordpress sites?
- The topic ‘how to detect outdated plugins system wide OR how do hackers find sites?’ is closed to new replies.