Hi guys, do you know any software out there that can scan a WordPress site for any hacking? Nowadays, hackers have been targeting WordPress sites, it seems. Lots of subtle hacking incidents. Or is it better to invite a good coder to check on the site and see if there's anything wrong? I'm willing to bet only a few people are qualified, as this requires trustworthy people. Hackings are always a headache. I suspect maybe a site of mine could be hacked... but not sure. What's the best way to be sure (for non-programmers) like us? Not everyone is a coder...
Well, there is no program that will really tell you if it is 'hackable' or anything. Of course, you can use a web vulnerability scanner, and it will tell you anything exploitable that you may want to fix. One good program for this is called 'Acunetix Web Vulnerability Scanner'.
Easy things to make sure your WordPress isn't hackable:
1. Secure password, different from other passwords.
2. Everything imported (themes, mods, etc.) should be verified.
3. Always update your WordPress.
4. Make sure you actually have a username for your admin login, rather than the default admin.
5. It also helps if you change your admin login URL (/wp-admin) to something else, so the person trying to gain access would have a harder time and would need to scan your site.
My advice overall: do things that are free, and you should be fine... Don't hire anyone to look over it, because that is seriously a waste, unless your site is very, very popular. Stay safe!
This issue is similar to that suffered by phpBB a while back. The problem is basically script vulnerabilities, and the problem can only be resolved by patching/upgrading the script when available.
Try WordPress Exploit Scanner. This plugin searches the files and database of your website for signs of suspicious activity. You can also give my new tool a try (link in the signature). It reveals hidden illicit content (such as hidden links, iframes, scripts) on web pages.
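
The kind of check described in the post above (hidden links, iframes and scripts on a page), as an added illustration that is not part of the thread and is not the code of either tool mentioned. The hostnames, the `scan` helper and the sample page are constructed for the example, and the "hidden" test only looks at inline styles, tiny iframe dimensions and the `hidden` attribute.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input", "link", "meta", "wbr"}
HIDDEN_CSS = re.compile(  # heuristic: inline styles often used to hide injected markup
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top|text-indent)\s*:\s*-\d{3,}", re.I)

class HiddenContentScanner(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host  # the site's own hostname (caller-supplied)
        self.stack = []             # (tag, is_hidden) for every open element
        self.findings = []          # (kind, url, line)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden = "hidden" in a or bool(HIDDEN_CSS.search(a.get("style") or ""))
        concealed = hidden or any(h for _, h in self.stack)  # hidden itself or via a parent
        url = a.get("href") if tag == "a" else a.get("src")
        host = urlparse(url or "").netloc.lower()
        if tag == "iframe" and (concealed or {a.get("width"), a.get("height")} & {"0", "1"}):
            kind = "hidden-iframe"
        elif tag == "a" and concealed:
            kind = "hidden-link"
        else:  # an off-site script is worth reviewing, not proof of compromise
            kind = "external-script" if tag == "script" else None
        if kind and host and host != self.site_host:  # only off-site targets are reported
            self.findings.append((kind, url, self.getpos()[0]))
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        open_tags = [t for t, _ in self.stack]
        if tag in open_tags:  # pop back to the matching open tag
            del self.stack[len(open_tags) - 1 - open_tags[::-1].index(tag):]

def scan(html, site_host):
    parser = HiddenContentScanner(site_host)
    parser.feed(html)
    return parser.findings

# Constructed sample page (not taken from a real site).
SAMPLE = """<p>Welcome. <a href="https://partner.example/">partner</a></p>
<div style="position:absolute; left:-9999px">
  <a href="http://pills.example/buy">cheap pills</a><br><a href="/about">about</a></div>
<iframe src="http://drop.example/x" width="1" height="1"></iframe>
<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>
<script src="//cdn.example/stats.js"></script>"""
```

Calling `scan(SAMPLE, "myblog.example")` reports the off-screen link, the 1x1 iframe and the off-site script, and leaves the visible partner link and the normal-sized video embed alone. Content hidden through external stylesheets or injected only for search-engine crawlers will not show up in a check like this.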
Hmm, I'd say don't use WordPress anyway! Its default structure is built with flaws. With some configuration, it should be alright. However, I do recommend you use BlogSpot. It's already hosted by Google. That leaves you the peace of mind, as you know its load times should be quick, plus it's fairly stable as far as security goes. If you want to stay with WordPress, google this: "WordPress Scanner v1.3c BETA". It should be the very first link.