A plugin that:
- Greps every file in your public web directory, recursively, looking for “base64” and tells you about them. The default WP install has none of these.
- Warns you when the modification date changes on any file in the install, or in any theme.
- Checks header and footer for unusual size changes.
- Warns you about any files added to install directories that are not part of the vanilla install — e.g., any new PHP files in wp-admin that aren’t part of the install.
- Warns you on any .htaccess redirects.
- Pulls out the list of administrators by querying wp_usermeta for meta_value containing %administrator% — not whatever the dashboard uses, which appears to correlate to other tables and therefore misses hacked accounts.
- Generates a table of everything in wp_options that is not a part of the vanilla WP install, so you can check it. Sure, a whole bunch of plugins will show up, but maybe you can check that manually.
Doing all this by hand is getting old. 🙂 The saga continues at the other post, which continues to get updates.
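A sketch of four of the file checks from the list (base64 strings, added files, changed modification dates, .htaccess redirects), added here as an example and not code from the original post. The `baseline` dictionary, the function names and the sample tree are assumptions constructed for the demonstration.

```python
import os
import re
import tempfile

# Redirect/RedirectMatch, or a RewriteRule with an external target or an R flag.
REDIRECT = re.compile(
    r"^\s*(Redirect(Match)?\b|RewriteRule\s.*(https?://|\[[^\]]*\bR\b))", re.I | re.M)

def has_redirect(htaccess_text):
    return bool(REDIRECT.search(htaccess_text))

def audit(root, baseline):
    """baseline (assumed format): relative path -> known-good mtime."""
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                data = fh.read()
            if b"base64" in data.lower():
                findings.append(("base64", rel))
            if rel not in baseline:
                findings.append(("added", rel))
            elif os.path.getmtime(full) > baseline[rel]:
                findings.append(("modified", rel))
            if name == ".htaccess" and has_redirect(data.decode("utf-8", "replace")):
                findings.append(("redirect", rel))
    return sorted(findings)

def demo():
    """Audit a small constructed tree (not a real WordPress install)."""
    sample = {  # relative path: (content, mtime)
        "index.php": ("<?php // core file", 1000),
        "wp-admin/admin.php": ("<?php // core file, touched later", 2000),
        "wp-admin/x.php": ("<?php $x = base64_decode($y);", 2000),
        ".htaccess": ("RewriteRule . /index.php [L]\n"
                      "Redirect 302 / http://example.invalid/\n", 1000),
    }
    baseline = {"index.php": 1000, "wp-admin/admin.php": 1000, ".htaccess": 1000}
    with tempfile.TemporaryDirectory() as root:
        for rel, (content, mtime) in sample.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write(content)
            os.utime(full, (mtime, mtime))
        return audit(root, baseline)
```

The redirect pattern deliberately ignores the internal permalink rule (`RewriteRule . /index.php [L]`) so that only external or R-flagged rules are reported.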