Another WordPress plugin to help you secure your blog. This time the plugin “File Hash Trace” will help you generate a report of file hashes for all of the files on your site and check it against the actual file hashes.
This way you can detect any file changes.

Introduction

It was several months ago, when my WordPress installation was hacked through an exploit in version 2.6. The hacker (shurely automatically) modified several of the php-files redirecting traffic from my site to another.
Since I don’t check my php files for injected code, it took several time to recognize it.
As a result me and some friends, who had the same problem, got a little bit paranoid about recent vulnerabilities in WordPress.
My first idea was to create a plugin, that could generate hashes for all files and store it in the database, making it realy easy to trace file modifications. But storing hashes in the database is not really safe, since a hacker could delete or update the hashes. So my friend Toni suggested to me to make the hashes downloadable to the local computer and check against that hashes on demand.
Now the first version of my plugin File Hash Trace (FHT) is finished and works.

Function

FHT offers two actions:

Following picture shows the main manage page fo the plugin:

Generate hash report

With this function you can configure which file extensions to include or exclude as well as which folders to exclude. When having lots of mp3 files or images in your blog generation of the report can take quite long and also produce high cpu load.
You can define a list of file extensions that will be excluded (or included) in your report as well as folders not to recurse. The used hash-algorithm also can be selected. The available hash-algorithms depend on your php-installation. I suggest to use the wide spread SHA1 algorithm, that is a little bit safer than the more common and faster MD5.
Also your absolute path for your wordpress installation is shown. (You can’t modify this, since FHT will start hashing files at the root of your wordpress installation.)
The following picture shows the configuration page:

As a result all files accepted by the configured filtering options are included in a hash report, which then is displayed in a text-area, from where it can be copy-pasted on the local computer.

As you can see, the report is just a simple file containing some meta-information and all files with hashes.

Check actual hashes against a hash report

When you’ve saved a hash report localy, you can check the stored report against the actual file hashes at any time.
Selecting the function an empty text-area as in the image below is displayed.

After copy-pasting your previously generated hash report into this text-area, you can start the comparison:

On the resulting page any file-modifications are shown as well as the files included in the previous hash report (removed/missing files) and the ones not included in the previous report (new files).

Also the full actual hash report is displayed:

History

Version: 0.1 – initial

TODOs

Known Bugs

Feature Requests

Compatibility

Tested with WordPress 2.7. Should work on all 2.x versions. PHP 5 is recommended.

Installation

Just upload to your wp-content/plugins folder or any subfolder and activate in plugins menue.

Usage

Go to your manage console and find the entry “File Hash Trace”.

Donate

If you like this plugin and it helps so much, that you would like to donate (no matter how much), please do it here.

Download

[drain file 1 show]

Witty Text is a WordPress plugin by Alexander Malov to view a randomly selected line from a textfile. The major use shurely is the displaying of random quotes. I changed a little bit of the code to support multiple textfiles through the parameters. The original used a hardcoded filename. Now you can reuse the same plugin eg. to show some quotes and at another place, to show some imageurls selected from a textfile.
Usage is quite easy:

<?php 
  if (function_exists('wittyx')) {
    wittyx('quotations.txt'); 
  } 
?>

The plugin is available here.

Well, some days ago I modified the code of the Slashdot.org headlines plugin by Dave Wolf to have rssfeeds from the german pages heise and telepolis. Now I wanted to incude more rssfeeds on my blog, since I got the rssfeed-mania.
The new plugin I wrote, again based on the code by Dave Wolf, can handle any amount of personally configurable rssfeeds. So you just have one plugin for all rssfeeds. It still includes the UTF-8 support for special characters. My favourite rssfeeds are included in the default version but can be individuallly expanded. A little bit of sense for php code is needed for the changes, since I had not time to include a management plugin.
The usage is explained in the sourcecode, as a comment.
You can download the file here.

Since I started to use WordPress as my blogging tool, I loved the Slashdot.org headlines plugin by Dave Wolf. But my favourite newspages are heise.de and telepolis. So I modified little bit of the code from Dave Wolf: changed the newsfeed urls, added UTF-8 support for the german special characters and voila. The usage is the same as for the Slashdot.org plugin. Just use HeiseHeadlines(x) or TelepolisHeadlines(x) to insert into any template.
You can download the files here.