I’ve just released version 0.95 of WordPress Exploit Scanner.
This release fixes a number of bugs and makes it easier to scan for exploits and read the results.
I’ve added an “Exploits” scan level which looks for obvious code that hackers use. It will return a few false positives but it’s a good first scan to try if you suspect your website has been hacked. You can then use the “Blocker” and “Severe” to scan for ever more suspect strings.
Scans are now done 50 files at a time, with the page reloading after each. The scan results are saved in the database (in your options table as not-autoloaded records to minimize load on your blog) and you can open another browser window or tab on the Exploit Scanner admin page to view the saved results even before the scan is completed.
MD5 hash records for WordPress 2.9.2 have been added, and the hash records for 2.9.1 were corrected.
In other news I’m looking for testers to try out the almost ready WordPress MU 2.9.2. More details are on the forum thread above.