Title: Exploit Scanner
Author: Donncha O Caoimh (a11n)
Published: <strong>Òkúdù 26, 2008</strong>
Last modified: Òkúdù 5, 2017

---

Ṣàwárí àwọn plugin

Plugin yìí **kò tíì ṣe àyẹ̀wò pẹ̀lú àwọn ìtújáde mẹ́ta pàtàkì tó kẹ́yìn ti WordPress**.
Ó lè jẹ́ pé a kò tọ́jú tàbí ṣe àtìlẹ́yìn fún un mọ́, ó sì lè ní àwọn ọ̀ràn ìbámu
nígbà tí a bá lò ó pẹ̀lú àwọn ẹ̀yà WordPress tuntun.

![](https://s.w.org/plugins/geopattern-icon/exploit-scanner.svg)

# Exploit Scanner

 Láti ọwọ́ [Donncha O Caoimh (a11n)](https://profiles.wordpress.org/donncha/)

[Ṣe ìgbàsílẹ̀](https://downloads.wordpress.org/plugin/exploit-scanner.1.5.2.zip)

 * [Àwọn àlàyé](https://yor.wordpress.org/plugins/exploit-scanner/#description)
 * [Àwọn àgbéyẹ̀wò](https://yor.wordpress.org/plugins/exploit-scanner/#reviews)
 *  [Ìgbéwọlẹ̀](https://yor.wordpress.org/plugins/exploit-scanner/#installation)
 * [Ìdàgbàsókè](https://yor.wordpress.org/plugins/exploit-scanner/#developers)

 [Ìrànlọ́wọ́](https://wordpress.org/support/plugin/exploit-scanner/)

## Àpèjúwe

This plugin searches the files on your website, and the posts and comments tables
of your database for anything suspicious. It also examines your list of active plugins
for unusual filenames.

It does not remove anything. That is left to the user to do.

Latest MD5 hash values for Exploit Scanner:

 * 17e2ccfc834d691bc68cc5c64f9bed89 exploit-scanner.php (1.5.2)
 * 1d5f9d6220fe159cd44cb70a998a1cd7 hashes-4.6.php
 * fbdf61c17f65094c8e331e1e364acf68 hashes-4.6.1.php
 * 477d128d84802e3470cec408424a8de3 hashes-4.7.php
 * d53210f999847fbd6f5a2ecac0ad42f2 hashes-4.7.5.php

Latest SHA1 hash values for Exploit Scanner:

 * 1decc1e47a53d1cab9e8f1ef15b31682198367ee exploit-scanner.php (1.5.2)
 * 5cec64380a2acdc876fd22fbbbbf8c335df1ed3f hashes-4.6.php
 * 99d9e7be23a350f3d1962d0f41e7b4e28c00841e hashes-4.6.1.php
 * 1eeab377a1afc6d776827a063678d2461b29e71d hashes-4.7.php
 * 8c890a6af26bb74e9d17e5d2b21d6be27764da45 hashes-4.7.5.php

See the [Exploit Scanner homepage](http://ocaoimh.ie/exploit-scanner/) for further
information.

### Interpreting the Results

It is likely that this scanner will find false positives (i.e. files which do not
contain malicious code). However, it is best to err
 on the side of caution; if 
you are unsure then ask in the [Support Forums](https://wordpress.org/support/),
download a fresh copy of a plugin, search the Internet for similar situations, et
cetera. You should be most concerned if the scanner is: making matches around unknown
external links; finding base64 encoded text in modified core files or the `wp-config.
php` file; listing extra admin accounts; or finding content in posts which you did
not put there.

Understanding the three different result levels:

 * **Severe:** results that are often strong indicators of a hack (though they are
   not definitive proof)
 * **Warning:** these results are more commonly found in innocent circumstances 
   than Severe matches, but they should still be treated with caution
 * **Note:** lowest priority, showing results that are very commonly used in legitimate
   code or notifications about events such as skipped files

### Help! I think I have been hacked!

Follow the guides from the Codex:

 * [Codex: FAQ Ìtumọ̀ Yorùbá: – My site was hacked](https://codex.wordpress.org/FAQ_My_site_was_hacked)
 * [Codex: Hardening WordPress](https://codex.wordpress.org/Hardening_WordPress)

Ensure that you change **all** of your WordPress related passwords (site, FTP, MySQL,
etc.). A regular backup routine
 (either manual or plugin powered) is extremely 
useful; if you ever find that your site has been hacked you can easily restore your
site from a clean backup and fresh set of files and, of course, use a new set of
passwords.

### Updates

Updates to the plugin will be posted here, to [Holy Shmoly!](http://ocaoimh.ie/)
and the [WordPress Exploit Scanner](http://ocaoimh.ie/exploit-scanner/) page will
always link to the newest version.

### Other Languages

Unfortunately for people using WordPress versions for other locales some of the 
file hashes may be incorrect as some strings have to be hardcoded in their translated
form. Here are some file hashes for WordPress in other languagues provided separately
by other members of the community:

 * [Japanese](http://wpbiz.jp/files/exploit-scanner-hashes/ja/) Ìtumọ̀ Yorùbá: –
   thanks to Naoko
 * [German](http://talkpress.de/artikel/exploit-scanner-hash-deutsch-wordpress) 
   Ìtumọ̀ Yorùbá: – thanks to Robert Wetzlmayr

The hash files should only be declaring an array called $filehashes and the majority
of the hashes should still be the same.

## Ìgbéwọlẹ̀

 1. Download and unzip the plugin.
 2. Copy the exploit-scanner directory into your plugins folder.
 3. Visit your Plugins page and activate the plugin.
 4. A new menu item called “Exploit Scanner” will be available under the Tools menu.

## FAQ

  Installation Instructions

 1. Download and unzip the plugin.
 2. Copy the exploit-scanner directory into your plugins folder.
 3. Visit your Plugins page and activate the plugin.
 4. A new menu item called “Exploit Scanner” will be available under the Tools menu.

  How do I fix the out of memory error?

Scanning your website can take quite a bit of memory. The plugin tries to allocate
128MB but sometimes thatÌtumọ̀ Yorùbá: ’s not enough. You can modify the amount 
of memory PHP has access to from within the plugin admin page. You can also limit
the max size of scanned files. Reduce this number to skip more files but be aware
that it may miss hacked files. Any skipped files are listed after scanning. Memory
is also used if you have deep directories because of the way the scanner works. 
It will help if you clean out any cache directories (wp-content/cache/ for example)
before scanning.

## Àwọn àgbéyẹ̀wò

![](https://secure.gravatar.com/avatar/e33ec1c5454eb96d7acd97ac6b73d0498a93961c54b249c849a0e968b9584831?
s=60&d=retro&r=g)

### 󠀁[830 matches in a clean installation](https://wordpress.org/support/topic/830-matches-in-a-clean-installation/)󠁿

 [Antonio Augusto](https://profiles.wordpress.org/antonio24073/) Igbe 11, 2021

Apparently abandoned or confuse.

![](https://secure.gravatar.com/avatar/93e8a924bd86a93a3add2c97a53930d4e7acb927b69708cf81b9d11ffdb9dc0d?
s=60&d=retro&r=g)

### 󠀁[Doesn´t work at all](https://wordpress.org/support/topic/doesnt-work-at-all-164/)󠁿

 [C77](https://profiles.wordpress.org/c77/) Agẹmọ 6, 2019

Doesn´t work at all… it always shows an error, try later.

![](https://secure.gravatar.com/avatar/a98be547cfd47beddac1bb7158644cc0dce7690870f7db92c6813363d6566e1d?
s=60&d=retro&r=g)

### 󠀁[DoesnÌtumọ̀ Yorùbá: ’t work](https://wordpress.org/support/topic/doesnt-work-1910/)󠁿

 [scorpiotiger](https://profiles.wordpress.org/scorpiotiger/) Agẹmọ 2, 2018

Just gives an error: {“status”:”error”,”message”:”$this->files was not an array”,”
data”:{“start”:250,”files”:”b:0;”}} Others have posted in the support section and
not had responses and the plugin has not been updated for a long time, so it looks
to be an abandoned project.

![](https://secure.gravatar.com/avatar/db2a484c92757a5ede4e89afd31abed5684c346992de6d20d6629381a339853a?
s=60&d=retro&r=g)

### 󠀁[Am I a paranoid?](https://wordpress.org/support/topic/am-i-a-paranoid/)󠁿

 [carolzeroum](https://profiles.wordpress.org/carolzeroum/) Ẹrẹ́nà 13, 2018

Exploit Scanner is a useless plugin. I mean, it does nothing. It just lists hundreds
of files of your server. Says nothing about them. And does nothing either. In the
end, it says you are a PARANOID. If you have any further worries. I think I will
create a Wordpress plugin too.

![](https://secure.gravatar.com/avatar/ee421d3fd85b44d745307f4aba5cdfac6c8b05237fbfe7d443b9827d164ba234?
s=60&d=retro&r=g)

### 󠀁[Great security scan plugin but..](https://wordpress.org/support/topic/great-security-scan-plugin-but/)󠁿

 [Eduard Doloc](https://profiles.wordpress.org/rwky/) Bélú 14, 2017

Great plugin, but itÌtumọ̀ Yorùbá: ’s not well documented. Anyways, it works on 
version 4.8.3 and theoretically any version as long as you generate (if you donÌtumọ̀
Yorùbá: ’t have) the hashes for your wordpress version; in my case I had to generate
for 4.8.3 and it did a good job 🙂

![](https://secure.gravatar.com/avatar/40eb674eecbca2ab381524c2d829e2d42e7c768e8235ee30b7fe36f4852e2167?
s=60&d=retro&r=g)

### 󠀁[Great, if you have current hashes](https://wordpress.org/support/topic/great-if-you-have-current-hashes/)󠁿

 [enacta2](https://profiles.wordpress.org/enacta2/) Òkúdù 25, 2017

Works really well. I have it installed next to TAC and VIP Scanner on my localhost
test site. The trick is you need to use current hashes, and none are available for
Wordpress 4.8 and higher on the Internets. So, here are hashes for WordPress 4.8.
And easy to follow directions to create new hashes for newer versions of WordPress:
https://wordpress.org/support/topic/here-you-go-hashes-4-8-php/

 [ Ka gbogbo àwọn àgbéyẹ̀wò 41 ](https://wordpress.org/support/plugin/exploit-scanner/reviews/)

## Àwọn Olùkópa & Olùgbéejáde

“Exploit Scanner” jẹ́ ètò ìṣàmúlò orísun ṣíṣí sílẹ̀. Àwọn ènìyàn wọ̀nyí ti ṣe ìkópa
sí plugin yìí.

Àwọn Olùkópa

 *   [ Donncha O Caoimh (a11n) ](https://profiles.wordpress.org/donncha/)
 *   [ Jon Cave ](https://profiles.wordpress.org/duck_/)
 *   [ Ryan Boren ](https://profiles.wordpress.org/ryan/)
 *   [ Andrew Ozz ](https://profiles.wordpress.org/azaozz/)
 *   [ Thorsten Ott ](https://profiles.wordpress.org/tott/)
 *   [ Gary Pendergast ](https://profiles.wordpress.org/pento/)
 *   [ Philip John ](https://profiles.wordpress.org/philipjohn/)

[Túmọ̀ “Exploit Scanner” sí èdè rẹ.](https://translate.wordpress.org/projects/wp-plugins/exploit-scanner)

### Ṣe o nífẹ̀ẹ́ sí ìdàgbàsókè?

[Ṣàwárí koodu](https://plugins.trac.wordpress.org/browser/exploit-scanner/), ṣàyẹ̀wò
[ibi ìpamọ́ SVN](https://plugins.svn.wordpress.org/exploit-scanner/), tàbí ṣe àgbékalẹ̀
sí [àkọsílẹ̀ ìdàgbàsókè](https://plugins.trac.wordpress.org/log/exploit-scanner/)
nípasẹ̀ [RSS](https://plugins.trac.wordpress.org/log/exploit-scanner/?limit=100&mode=stop_on_copy&format=rss).

## Àkọsílẹ̀ àwọn àyípadà

#### 1.5.2

 * Added hashes for WordPress 4.7.5

#### 1.5.1

 * WordPress 4.6 hashes
 * WordPress 4.6.1 hashes
 * WordPress 4.7 hashes

#### 1.5

 * WordPress 4.5.3 hashes
 * Move to follow WP versioning system

#### 1.4.12

 * WordPress 4.5.2 hashes

#### 1.4.11

 * WordPress 4.5 hashes
 * WordPress 4.5.1 hashes

#### 1.4.10

 * WordPress 4.4.1 hashes

#### 1.4.9

 * WordPress 4.4 hashes

#### 1.4.8

 * WordPress 4.3.1 security release hashes
 * Other missing hashes

#### 1.4.7

 * WordPress 4.3 hashes

#### 1.4.6

 * WordPress 4.2.3 hashes
 * WordPress 4.2.4 hashes

#### 1.4.5

 * WordPress 4.2.2 hashes

#### 1.4.4

 * WordPress 3.7.3 hashes
 * WordPress 3.7.4 hashes
 * WordPress 3.7.5 hashes
 * WordPress 3.7.6 hashes
 * WordPress 3.7.7 hashes
 * WordPress 3.8.4 hashes
 * WordPress 3.8.5 hashes
 * WordPress 3.8.6 hashes
 * WordPress 3.8.7 hashes
 * WordPress 3.9.4 hashes
 * WordPress 3.9.5 hashes
 * WordPress 4.0.2 hashes
 * WordPress 4.0.3 hashes
 * WordPress 4.0.4 hashes
 * WordPress 4.1.4 hashes
 * WordPress 4.2.1 hashes

#### 1.4.3

 * WordPress 4.1.3 hashes

#### 1.4.2

 * WordPress 4.2 hashes

#### 1.4.1

 * WordPress 3.9.3, 4.1, 4.1.1 and 4.1.2 hashes

#### 1.4

 * Remove an example link to a hacked site
 * Fixed the eval() check incorrectly matching function names that end in “eval”
 * Fixed some PHP warnings
 * WordPress 3.5.2 hashes
 * WordPress 3.6 and 3.6.1 hashes
 * WordPress 3.7, 3.7.1 and 3.7.2 hashes
 * WordPress 3.8, 3.8.1, 3.8.2 and 3.7.3 hashes
 * WordPress 3.9, 3.9.1 and 3.9.2 hashes
 * WordPress 4.0 and 4.0.1 hashes

#### 1.3.3

 * WordPress 3.5 and 3.5.1 hashes

#### 1.3.2

 * WordPress 3.4.2 hashes

#### 1.3.1

 * WordPress 3.4.1 hashes

#### 1.3

 * Detect unknown files in the wp-admin and wp-includes directories
 * WordPress 3.4 hashes

#### 1.2.1

 * WordPress 3.3.2 hashes

#### 1.2

 * WordPress 3.3.1 hashes
 * Use help tabs introduced in WordPress 3.3
 * Help prevent one cause of hanging scans (MySQL error 1153)

#### 1.1

 * Scan for and fix old, vulnerable TimThumb scripts
 * Detect old export files even if theyÌtumọ̀ Yorùbá: ’re larger than the size limit
 * WordPress 3.3 hashes

#### 1.0.5

 * WordPress 3.2 and 3.2.1 hashes

#### 1.0.4

 * WordPress 3.1.4 hashes
 * Suspicious pattern updates and tweaks

#### 1.0.3

 * Detection of export files left by incomplete imports.
 * WordPress 3.1.3 hashes

#### 1.0.2

 * WordPress 3.0.6 and 3.1.2 hashes

#### 1.0.1

 * WordPress 3.1.1 hashes

#### 1.0

 * Core file diffs
 * WordPress 3.1 hashes
 * Updated suspicious patterns

#### 0.97.6

 * WordPress 3.0.5 hashes

#### 0.97.5

 * WordPress 3.0.4 hashes
 * Dropped wp-content from hashes

#### 0.97.4

 * WordPress 3.0.3 compatibility

#### 0.97.3

 * 3.0.2 compatibility

#### 0.97.2

 * 3.0.1 compatibility

#### 0.97.1

 * PHP 4 compatibility

#### 0.97

 * AJAX paging
 * simplified results system (now only 3 levels)
 * contextual help
 * moved to Tools menu section
 * a number of backend changes

#### 0.96

 * Compatibility for WordPress 3.0

#### 0.95

 * Added “exploits” scan level for obvious hacker exploit code.
 * Stored results for later review.
 * Rearranged layout of results.
 * Paged scanning so plugin scans 50 files at a time to avoid timeout errors.
 * Only show “General Info” to non MU sites (itÌtumọ̀ Yorùbá: ’s too expensive for
   large MU sites)

## Àkójọpọ̀ Meta

 *  Ẹ̀yà **1.5.2**
 *  Ìgbàgbọ́hùn tó kẹ́yìn **ọdún 9 sẹ́yìn**
 *  Àwọn ìgbéwọlẹ̀ tó ṣiṣẹ́ **8,000+**
 *  Ẹ̀yà WordPress ** 3.3 tàbí ju bẹ́ẹ̀ lọ **
 *  Dánwò dé **4.7.33**
 *  Èdè
 * [English (US)](https://wordpress.org/plugins/exploit-scanner/)
 * Àwọn àmì
 * [hack](https://yor.wordpress.org/plugins/tags/hack/)[hacking](https://yor.wordpress.org/plugins/tags/hacking/)
   [scanner](https://yor.wordpress.org/plugins/tags/scanner/)[security](https://yor.wordpress.org/plugins/tags/security/)
   [spam](https://yor.wordpress.org/plugins/tags/spam/)
 *  [Ìwòye Tó Péye](https://yor.wordpress.org/plugins/exploit-scanner/advanced/)

## Àwọn ìbò

 3.2 lára àwọn ìràwọ̀ 5.

 *  [  18 5-star reviews     ](https://wordpress.org/support/plugin/exploit-scanner/reviews/?filter=5)
 *  [  4 4-star reviews     ](https://wordpress.org/support/plugin/exploit-scanner/reviews/?filter=4)
 *  [  1 3-star review     ](https://wordpress.org/support/plugin/exploit-scanner/reviews/?filter=3)
 *  [  3 2-star reviews     ](https://wordpress.org/support/plugin/exploit-scanner/reviews/?filter=2)
 *  [  14 1-star reviews     ](https://wordpress.org/support/plugin/exploit-scanner/reviews/?filter=1)

[Your review](https://wordpress.org/support/plugin/exploit-scanner/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/exploit-scanner/reviews/)

## Àwọn Olùkópa

 *   [ Donncha O Caoimh (a11n) ](https://profiles.wordpress.org/donncha/)
 *   [ Jon Cave ](https://profiles.wordpress.org/duck_/)
 *   [ Ryan Boren ](https://profiles.wordpress.org/ryan/)
 *   [ Andrew Ozz ](https://profiles.wordpress.org/azaozz/)
 *   [ Thorsten Ott ](https://profiles.wordpress.org/tott/)
 *   [ Gary Pendergast ](https://profiles.wordpress.org/pento/)
 *   [ Philip John ](https://profiles.wordpress.org/philipjohn/)

## Ìrànlọ́wọ́

Nǹkan wà tí o fẹ́ sọ? Ṣé o nílò ìrànlọ́wọ́?

 [Wo àpéjọ ìrànlọ́wọ́](https://wordpress.org/support/plugin/exploit-scanner/)