In this blog post, we are going to cover the basics of the security audit for WordPress and Joomla sites using the unique tools found in our in-house website security scanning system.
Once your site is connected to the Aussie Wide Websites maintenance service, we automatically run a daily security scan at 5.00 am. New vulnerabilities come out pretty much every day, and sometimes it can take as little as an hour for one to be exploited if updates are not performed right away.
Other services claim to have an “audit” tool. Most of the time they mean they have implemented the Sucuri SiteCheck API, which only “scans” your site as a visiting browser would. It doesn’t check the files in your webspace, and it doesn’t find anything that is hidden under the surface of your rendered web pages. Be warned. Not all “Audits” are in-depth and comprehensive!
At the start of every audit, we also run our snapshot tools, capturing over 100 quick checks of your site. Added to the audit, that’s even more checks! The difference between the Snapshot and the Audit checks is that the snapshot checks can be completed within milliseconds, whereas the audit has checks that require us to look at every single line of code in every single file in your webspace. This obviously takes more time.
The daily audit first compiles a list of all the folders in your webspace, without exceptions, and then grabs a list of the files in those folders. Each file then goes through the following checks:
- Identifying if the file is a core WordPress or Joomla file.
- If it’s a core file, identifying if that file has been modified since release.
- If the core file is modified, doing a comparison with the original file.
- Storing the MD5 hash of the file for future comparison.
- Looping through every single line of code in every single file.
- Searching every single line of code for one of nearly 2000 patterns of previous hacks we have seen, and if found, marking the file as “suspect”.
- Checking the MD5 hash of the file against over 14,000 specific MD5 hashes of previously declared “hacked” files. There are no false positives: each of these 14,000 MD5 hashes has been manually checked and confirmed to match a file which is hacked.
- We check the created, modified and other metadata of each file, including the EXIF data on images (where hacks are known to reside!).
- We identify any encrypted files, PHP error logs, archive files, files over 2 MB in size, zero-byte files and many other classifications.
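A small sketch of the per-file checks listed above, added here as an illustration and not Aussie Wide Websites' own code. The known-bad hash, the single pattern, the flag names and the functions `audit_file`, `audit_tree` and `demo` are all constructed for this example.

```python
import hashlib
import os
import re
import tempfile

# Constructed stand-ins for the page's ~14,000 hashes and ~2,000 patterns.
BAD_SAMPLE = b"<?php /* constructed known-hacked file */ ?>\n"
KNOWN_BAD_MD5 = {hashlib.md5(BAD_SAMPLE).hexdigest()}
SUSPECT_PATTERNS = [re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate)\s*\(")]
LARGE_FILE = 2 * 1024 * 1024  # "files over 2 MB"


def audit_file(path, previous_md5=None):
    """Return (md5, sorted flags) for one file."""
    size = os.path.getsize(path)
    checks = {"zero-byte": size == 0, "large": size > LARGE_FILE}
    flags = {name for name, hit in checks.items() if hit}
    digest = hashlib.md5()  # identifies known files; MD5 is not collision-resistant
    with open(path, "rb") as fh:
        for line in fh:  # every line of every file
            digest.update(line)
            if any(p.search(line) for p in SUSPECT_PATTERNS):
                flags.add("suspect")
    md5 = digest.hexdigest()
    if md5 in KNOWN_BAD_MD5:
        flags.add("known-hacked")
    if previous_md5 and md5 != previous_md5:
        flags.add("changed")  # differs from the hash stored by the last audit
    return md5, sorted(flags)


def audit_tree(root, baseline=None):
    """Audit every file under root; baseline maps relative path -> stored MD5."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(folder, name), root)
            report[rel] = audit_file(os.path.join(root, rel), (baseline or {}).get(rel))
    return report


def demo():  # audits a constructed four-file webspace in a temporary directory
    samples = {"index.php": b"<?php echo 'hi';\n", "empty.txt": b"", "old.php": BAD_SAMPLE,
               "up.php": b"<?php\neval(base64_decode('ZWNobyAxOw=='));\n"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return audit_tree(root, {"index.php": "0" * 32})
```

An exact hash match identifies a specific known file, while a pattern hit only marks a file for review, which is why the two results carry different flags.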
Sample Hacked file advice
One of the things that sets Aussie Wide Websites apart from every other maintenance service is that we crowdsource data on hacks and backdoors.
In practice, this means that once a hack is discovered and confirmed on one site, patterns and regular expressions are created, approved, and rolled out to all sites being monitored by us the next time they are audited. Including your sites!
With this, you benefit from the discovery of emerging hacks and trends we see on other sites. Our system is totally dynamic and self-improving, even without human interaction. When people add their site to Aussie Wide Websites, they often find hacks on it that have been left dormant for years or were badly cleaned in previous cleanups.
Fully automated improvements to our detection.
Furthermore, we can manually improve the audit (and we do) multiple times a day, and with our automatic rollout/upgrade of our tools connector on your site – you get the very latest protection without having to manually make any changes at all.
If the Aussie Wide Websites audit finds your CMS site is hacked, and you are unsure how to fix it yourself, or just want us to take care of everything for you, you can escalate this to us using the set-fee hack fix service on our website.
Of course, we are always here to assist if you need us, so lodge a support request here if we can help in any way.
Until next time.