Article directory
WordpressIt is the most used free and open source in the worldBuilding websiteprogram, there are manyInternet marketingused by staffWordPress websitedoSEOTraffic sells advertisements, sells members, sells products, sells services...
- So WordPress has a very richWordPress pluginand themes are free to download, while more advanced, paid pro versions of plugins and themes are also available.
Chen WeiliangIf you plan to buy a professional version of a WordPress plugin, go to Google to find out, and accidentally find that there is a website that provides free downloads of cracked versions of WordPress plugins and themes.
I simply tried to download and use it, but it didn't feel right: why are these websites that provide free download cracked versions, there is no profit model at all, and there are no other advertisements on the website?
Since the website has been hacked several times, I use the cracked versionsoftware, plugins or themes, are very careful in case there is a "backdoor" vulnerability program.
The following is August 2020, 08Chen WeiliangScreenshot of hacked blog site▼
- LinuxServers were hacked and tampered with by hackers from Indonesia.
- There is an extra "mm.php" vulnerability file in each folder of the website, which may be used imperfectly.VestaCP caused by the panel.
To solve the problem of being hacked is to reinstall directlyCentOS 7 OS and change toInstall CWP Control Panel, then restore website backup▼
- Because I learned about the security vulnerability of the "Pagoda Control Panel" before, I finally decided to useCWP Control Panel.
? What does backdoor mean?
Mainly from the "Trojan horse", the backdoor means that the software has added loopholes, just like opening the back door of your home, which is convenient for intrusion and stealing information.
❗️Warning about plugin themes with Trojan backdoors
The following 2 websites provide cracked versions of major WordPress plugins and WordPress themes:
1) WPTRY ▼
2) Premium Free Themes ▼
- Chen WeiliangIt is very sure that the software, plug-ins and themes on these two websites have backdoor loopholes. Do not download and use them, otherwise, please bear the consequences at your own risk!
?How to scan Trojan horse backdoor program vulnerabilities?
There are 2 ways to scan website source code for backdoor files:
- The first: use a WordPress security scan plugin
- Second: useOnline ToolsKill scan files
?First: Use a WordPress Security Scanning Plugin
It is recommended to use this WordPress website security scanning plugin - Wordfence Security to scan all themes and plugins on the WordPress website in batches to detect whether there are PHP backdoor vulnerability files▼
?Second: use security scan to find PHP vulnerability files online tool
Online tools to help you analyze suspicious files and URLs, detect types of malware ▼
Hope Chen Weiliang Blog ( https://www.chenweiliang.com/ ) shared "How to scan website source code for backdoor files? Find PHP Trojan horse loopholes online", which is helpful to you.
Welcome to share the link of this article:https://www.chenweiliang.com/cwl-1405.html