Interpreting the Results
It is likely that this scanner will find false positives (i.e. files which do not contain malicious code). However, it is best to err on the side of caution; if you are unsure then ask in the Support Forums, download a fresh copy of a plugin, search the Internet for similar situations, et cetera. You should be most concerned if the scanner is: making matches around unknown external links; finding obfuscated text in modified core files or the wp-config.php file; listing extra admin accounts; or finding content in posts which you did not put there.
wp-config.php
Understanding the three different result levels:
Help! I think I have been hacked!
Follow the guides from the Codex:
Ensure that you change all of your WordPress related passwords (site, FTP, MySQL, etc.). A regular backup routine (either manual or plugin powered) is extremely useful; if you ever find that your site has been hacked you can easily restore your site from a clean backup and fresh set of files and, of course, use a new set of passwords.
This script searches through your WordPress install for signs that may indicate that your website has been compromised by hackers. It does NOT remove anything, this is left for the user to do.
display:none
visibility:hidden
Searching your filesystem and database for possible exploit code
Files scanned: 0...
Nothing found.
Unfortunately it's impossible to catch every hack and it's all too easy to catch false positives (show a file as suspicious when in reality it is clean). If you have been hacked, this script may help you track down what files, comments or posts have been modified. On the other hand, if this script indicates your blog is clean, don't believe it. This is far from foolproof.
For the paranoid... To prevent someone hiding malicious code inside this plugin and to check that the signatures file hasn't been changed, here are the MD5 and SHA1 hashes of these files. Compare them with the references on the plugin homepage. You'll get extra points if you check this file has the actual md5_file() and sha1_file() calls.
MD5 of exploit-scanner.php:
SHA1 of exploit-scanner.php:
MD5 of hashes-.php:
SHA1 of hashes-.php:
' . exploitscanner_hilight( esc_html($r['line']) ) . '
Go back.
Sorry, an error occured. This file might not exist!
Sorry, an error occured. Please try again later.
This instance of TimThumb has had a security fix applied. It is recommended that you download the latest version of TimThumb and completely replace this file.
An error occurred. It was not possible to apply a fix to this file. It is recommended that you download the latest version of TimThumb and completely replace this file.
The vulnerability will still show in your scan results until you run another scan.