Exploit Scanner is an amazingly simple plugin with one purpose: to search for files that may contain code that doesn’t belong in WordPress.
You can find the plugin in the WordPress plugin library.
After installation and activation, the Exploit Scanner can be found under Tools.
As you can see in the image below, there aren’t many options. You can disable the check for “display: none,” which is common in certain themes.
You can also limit the scan to files that are not larger than 400 KB, and it is recommended to keep it that way. Although hackers may very occasionally write very large files, in 99% of cases scanning such large files is not necessary.
The third option you have is to limit the number of files scanned at once. It may be necessary to set this to a maximum of 100-150 if you have a hosting package with limited memory and the pages freeze with a “memory error.”
Run the scan!!
Once you have started the scan, it may take a few minutes.
After that, you will get a long list of files that contain eval commands, a list of “hidden” CSS codes, and more.
Is the Exploit Scanner a one-click solution?
With one click, you can see which code may be potentially dangerous and where the files are located.
However, it is still necessary to have deep knowledge of WordPress, code, and hacker code to determine whether a piece of code belongs in your website or not.
In short, it’s a useful tool for webmasters.
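The three scan options described above (the “display: none” check, the 400 KB size limit, and the number of files per batch), as an added Python example that is not the plugin's own code. The patterns, the function names and the sample files are assumptions constructed for illustration; the findings it returns are candidates for manual review, not verdicts.

```python
import re
import tempfile
from pathlib import Path

MAX_SIZE = 400 * 1024  # the 400 KB file-size limit described above
PATTERNS = {  # hypothetical patterns for this example, not the plugin's own
    "eval": re.compile(rb"\beval\s*\("),
    "hidden-css": re.compile(rb"display\s*:\s*none", re.I),
}


def scan_tree(root, check_hidden_css=True, max_size=MAX_SIZE, batch_size=100):
    """Yield one list of (path, line number, label, snippet) per batch of files."""
    active = {k: v for k, v in PATTERNS.items() if check_hidden_css or k != "hidden-css"}
    paths = sorted(p for p in Path(root).rglob("*") if p.is_file())
    for start in range(0, len(paths), batch_size):
        findings = []
        for path in paths[start:start + batch_size]:
            if path.stat().st_size > max_size:
                continue  # oversized file: skipped, so its contents go unchecked
            rel = path.relative_to(root).as_posix()
            with path.open("rb") as fh:
                for lineno, line in enumerate(fh, 1):
                    for label, rx in active.items():
                        if rx.search(line):
                            text = line.strip()[:80].decode("utf-8", "replace")
                            findings.append((rel, lineno, label, text))
        yield findings


def demo():
    """Scan a constructed sample tree with the CSS check on, then off."""
    samples = {  # constructed sample files, not taken from a real site
        "wp-content/themes/demo/style.css": b".menu-sub { display: none; }\n",
        "wp-content/plugins/demo/loader.php": b"<?php\n$r = eval($cfg);\n",
        "wp-content/uploads/big.php": b"<?php eval($x);\n" + b"#" * MAX_SIZE,
        "index.php": b"<?php\nrequire 'wp-blog-header.php';\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return [[f for b in scan_tree(root, css, batch_size=2) for f in b]
                for css in (True, False)]


if __name__ == "__main__":
    print(demo())
```

In the sample tree the oversized file is never read, so the eval inside it produces no finding; that is the trade-off of keeping the size limit.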