Verifies the MD5 hashes of your WordPress core files against the official WordPress checksums API and scans for possible exploits.
However, there is no guarantee that the plugin will find or prevent any/all attacks or malicious code! READ DISCLAIMER!
Though I did the best possible in writing this plugin, to try to make administrators' jobs easier and hackers'/crackers' jobs harder, there is no guarantee that the plugin will find or prevent any/all attacks or malicious code! The plugin can also report false-positive files. There is no such thing as 100% accuracy.
Exopite Integrity not only checks the integrity of your WordPress core files, it also looks for any extra files outside the wp-content folder.
Furthermore, it searches for any file with a wrong extension or wrong file permissions inside the wp-content folder and finds eval in file content (mostly used by hackers).
What it checks:
- WordPress core files integrity through the WordPress Checksum API (https://api.wordpress.org/core/checksums/1.0/)
- Extra files in WordPress folders (excludes folders and file: ‘wp-content’, ‘wp-snapshots’, ‘.git’, ‘.htaccess’)
- Wrong permissions in ‘wp-content/uploads’ folder
- Wrong extension in ‘wp-content/uploads’ folder
- File content checked for: eval, gzuncompress, gzinflate, str_rot13, base64_decode
Excluded extensions: jpg, jpeg, png, gif, svg, ico, mp4, mpg, mpeg, avi, flv, mkv, zip, gz, rar, css, woff, woff2, ttf, eot, mp3, xml, doc, docx, xls, xlsx, rtf, odt, ods, pdf, htaccess, log, html, js, txt, xml, po, pot, mo
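The first two checks in the list above, sketched in Python as an added example (not the plugin's own code, which this page does not show): it compares a directory tree with a checksums API response body and reports modified, missing and extra files. The names `check_core`, `write` and `demo`, the sample tree and the response body are constructed; skipping `wp-content/` entries in the official list and applying the exclusions only at the top level are assumptions.

```python
import hashlib, json, os, tempfile
from pathlib import Path

EXCLUDED = {"wp-content", "wp-snapshots", ".git", ".htaccess"}  # exclusions listed on the page

def write(root, rel, data):
    path = Path(root, rel)
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(data)

def check_core(root, api_body):
    """Compare the tree under root with a checksums API response body (JSON text)."""
    checksums = json.loads(api_body).get("checksums")
    if not isinstance(checksums, dict):  # body carries no path -> md5 map
        raise ValueError("response has no usable 'checksums' object")
    report = {"modified": [], "missing": [], "extra": []}
    for rel, expected in checksums.items():
        path = Path(root, rel)
        if rel.startswith("wp-content/"):  # assumption: bundled themes/plugins skipped
            continue
        if not path.is_file():
            report["missing"].append(rel)
        elif hashlib.md5(path.read_bytes()).hexdigest() != expected:
            report["modified"].append(rel)
    for cur, dirs, files in os.walk(root):
        if cur == str(root):  # assumption: exclusions apply at the top level only
            dirs[:] = [d for d in dirs if d not in EXCLUDED]
            files = [f for f in files if f not in EXCLUDED]
        rels = [Path(cur, name).relative_to(root).as_posix() for name in files]
        report["extra"] += [rel for rel in rels if rel not in checksums]
    return {kind: sorted(paths) for kind, paths in report.items()}

def demo():
    """Constructed tree and response body; not real WordPress files or hashes."""
    core = {"index.php": b"<?php // a\n", "wp-admin/about.php": b"<?php // b\n",
            "wp-includes/version.php": b"<?php // c\n"}
    body = json.dumps({"checksums": {r: hashlib.md5(d).hexdigest() for r, d in core.items()}})
    with tempfile.TemporaryDirectory() as root:
        for rel, data in core.items():
            write(root, rel, data)
        write(root, "index.php", b"<?php // edited\n")       # changed core file
        Path(root, "wp-admin/about.php").unlink()            # deleted core file
        write(root, "wp-includes/cache.php", b"<?php\n")     # not in the official list
        write(root, "wp-content/uploads/a.php", b"<?php\n")  # inside an excluded folder
        write(root, ".htaccess", b"# rules\n")               # excluded file
        return check_core(root, body)

if __name__ == "__main__":
    print(demo())
```

On a real install, `wp-config.php` is not part of the official checksum list, so a check like this reports it under `extra` and it needs to be reviewed once and allow-listed.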
You can create a cron job to scan and send notifications of any changes via email or a Telegram channel/bot. All files that have already been reported are ignored the next time, to avoid false reports.
You can use these two hooks for cron:
www.example.com/wp-admin/admin-ajax.php?action=eci_check_integrity_cron&hash={your-hash}
www.example.com/wp-admin/admin-ajax.php?action=eci_scan_files_cron&hash={your-hash}
There is also a built-in file viewer for files up to 1 MB in size.