Another WordPress plugin to help you secure your blog. This time, the plugin „File Hash Trace“ helps you generate a report of the hashes of all files on your site and later check that report against the current file hashes.
This way you can detect any file changes.
Several months ago my WordPress installation was hacked through an exploit for version 2.6. The attacker (surely an automated one) modified several of the PHP files, redirecting traffic from my site to another one.
Since I don't routinely check my PHP files for injected code, it took quite some time to notice.
As a result, some friends who had the same problem and I became a little paranoid about recent vulnerabilities in WordPress.
My first idea was to create a plugin that would generate hashes for all files and store them in the database, making it really easy to trace file modifications. But storing the hashes in the database is not really safe, since a hacker could delete or update the hashes too. So my friend Toni suggested making the hashes downloadable to the local computer and checking against those hashes on demand.
Now the first version of my plugin, File Hash Trace (FHT), is finished and working.
FHT offers two actions:
A hash report is a collection of filenames and their associated file hashes, together with some meta information about the configuration that was used to generate them.
The following picture shows the main manage page of the plugin:
On this page you can configure which file extensions to include or exclude and which folders to skip. If your blog holds lots of MP3 files or images, generating the report can take quite long and also produce high CPU load.
You can define a list of file extensions to exclude from (or include in) your report, as well as folders not to recurse into. The hash algorithm can also be selected; which algorithms are available depends on your PHP installation. I suggest using the widespread SHA1 algorithm, which is a little safer than the more common and faster MD5.
The absolute path of your WordPress installation is also shown. (You can't modify this, since FHT always starts hashing files at the root of your WordPress installation.)
The following picture shows the configuration page:
As a result, all files accepted by the configured filter options are included in a hash report, which is then displayed in a text area, from where it can be copied and pasted to the local computer.
As you can see, the report is just a plain text file containing some meta information and all files with their hashes.
Once you have saved a hash report locally, you can check the stored report against the actual file hashes at any time.
When you select this function, an empty text area like the one in the image below is displayed.
After pasting your previously generated hash report into this text area, you can start the comparison:
The resulting page shows all file modifications, as well as files that were in the previous hash report but no longer exist (removed/missing files) and files that were not in the previous report (new files).
The full current hash report is also displayed:
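To make the report format and the comparison concrete, here is a small Python re-implementation of the idea, added here as an example; it is not the plugin's PHP code. The report layout (a `#` meta header followed by one "hash  path" line per file), the default exclusion lists and the constructed sample files are all assumptions of this example.

```python
import hashlib, os, tempfile
from pathlib import Path

def generate_hashes(root, algorithm="sha1", exclude_ext=(".mp3", ".jpg"), exclude_dirs=("cache",)):
    """Walk the install root and hash every accepted file, as FHT's report generation does."""
    root, hashes = Path(root), {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in exclude_dirs]  # do not recurse into excluded folders
        for name in filenames:
            if name.lower().endswith(exclude_ext):  # skip excluded extensions (big media files)
                continue
            path = Path(dirpath) / name
            h = hashlib.new(algorithm, path.read_bytes())
            hashes[path.relative_to(root).as_posix()] = h.hexdigest()
    return hashes

def format_report(hashes, algorithm, root):
    """Meta header plus one 'hash  path' line per file: the text you save on the local computer."""
    lines = [f"# algorithm: {algorithm}", f"# root: {root}"]
    lines += [f"{digest}  {path}" for path, digest in sorted(hashes.items())]
    return "\n".join(lines) + "\n"

def parse_report(text):
    """Read a saved report back into (meta, {path: digest})."""
    meta, hashes = {}, {}
    for line in text.splitlines():
        if line.startswith("#"):
            key, _, value = line[1:].partition(":")
            meta[key.strip()] = value.strip()
        elif line.strip():
            digest, _, path = line.partition("  ")
            hashes[path] = digest
    return meta, hashes

def compare(saved, actual):
    """Classify files the way the FHT check page does: modified, missing, new."""
    return {"modified": sorted(p for p in saved if p in actual and saved[p] != actual[p]),
            "missing": sorted(p for p in saved if p not in actual),
            "new": sorted(p for p in actual if p not in saved)}

def demo():
    """Constructed sample install: save a report, then alter files and re-check."""
    root = Path(tempfile.mkdtemp())
    (root / "index.php").write_text("<?php echo 'hi';")
    (root / "song.mp3").write_bytes(b"\x00" * 10)  # never hashed: excluded extension
    meta, saved = parse_report(format_report(generate_hashes(root), "sha1", root))
    (root / "index.php").write_text("<?php echo 'hi'; // changed")  # modified in place
    (root / "extra.php").write_text("<?php")  # not present in the saved report
    return compare(saved, generate_hashes(root, meta["algorithm"]))
```

`demo()` returns `{"modified": ["index.php"], "missing": [], "new": ["extra.php"]}`; the algorithm name is taken from the saved report's meta header, so a report made with MD5 is re-checked with MD5.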
Version: 0.1 – initial
Tested with WordPress 2.7. It should work on all 2.x versions; PHP 5 is recommended.
Just upload it to your wp-content/plugins folder (or any subfolder) and activate it in the Plugins menu.
Go to your manage console and find the entry „File Hash Trace“.
If you like this plugin and it helps so much, that you would like to donate (no matter how much), please do it here.