WordPress 2.6 is out. It's time to upgrade.
Just don't forget to run a security check before the upgrade.
When you are upgrading a compromised blog, the new version will remain
compromised. Hackers can leave a backdoor script, create a new user or
steal your admin's password. This way even the very new and secure
WordPress 2.6 can be exploited.
Here are two relatively new tools to help you:
WordPress Exploit Scanner - This plugin searches the files and database of your website for signs of suspicious activity. It will not stop someone hacking into your site, but it may help you find any uploaded or compromised files left by the hacker.
Current version 0.1 (released on June 26, 2008) was designed for WordPress 2.5.1. So use it before the upgrade and then deactivate. You can use it with WordPress 2.6 but it may report more false positives. I guess we can expect a new version of the plugin pretty soon.
By the way, this plugin displays warnings for its own file. Just skip
warnings for exploit-scanner.php - the plugin finds its own list of suspicious strings.
Another false positive is PSpellShell.php file from the original TinyMCE package.
If the plugin reports other files - take a closer look at them.
- If you don't feel like installing anything or your current WP version is not 2.5.1, you can try the Unmask Parasites online service to check individual web pages for hidden illicit content (i.e. invisible spam links, malicious scripts and redirects).
This simple service is in its beta stage (released on July 1, 2007). Since it doesn't have access to your server, it can only reveal exploits visible in the HTML source code of your web pages.
Both tools can reveal most common types of WordPress exploits but don't guarantee 100% accuracy of their tests. And they won't remove anything. However, in the world where thousands of WordPress blogs have been compromised and exploited by hackers, the security check step is a must and these tool do their best to help you.
P.S. If you know other similar tools, leave their links in this thread.