Last Updated: February 25, 2016
· derrybirkett

Scanning for PHP malware backdoors

Every WordPress bod is going to encounter some malware or security issues. Here are some common tricks to find the backdoor.

Find common backdoors

    grep -ri "eval" [path]

    grep -ri "base64_decode" [path]

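Find recently modified files

    find . -type f -ctime -1 | more

-type f limits the results to regular files, and -ctime -1 restricts the scan to files changed in the last 24 hours. You can look at the last 24 or 48 hours by specifying -1 or -2, respectively. ctime is the inode change time, so it also picks up permission and ownership changes, and unlike the modification time it cannot be set back with touch.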

Find PHP files in uploads (for WordPress)

    find uploads -name "*.php" -print
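
The three checks above combined into one triage function, as an added example that is not part of the original tip. The function name scan_wp, the tagged output format and the wp-content/uploads layout under the given root are assumptions; it narrows the grep to the call forms eval( and base64_decode( inside .php files, which drops hits on words such as "retrieval".

```shell
#!/bin/sh
# Added example: triage scan of a WordPress tree, one tagged line per finding.
# Usage: sh scan.sh /path/to/wordpress [days]   (path is an assumption)

# Call-form pattern: "eval(" or "base64_decode(" not preceded by an
# identifier character, so "retrieval(" or "my_eval(" does not match.
CALL_RE='(^|[^[:alnum:]_])(eval|base64_decode)[[:space:]]*\('

scan_wp() {
    root=$1
    days=${2:-1}    # 1 = changed in the last 24 hours, 2 = last 48 hours

    # 1. PHP files that contain a call to eval() or base64_decode().
    find "$root" -type f -name '*.php' -exec grep -lEi "$CALL_RE" {} + |
        sed 's/^/PATTERN /'

    # 2. Files whose inode change time falls inside the window.
    find "$root" -type f -ctime "-$days" | sed 's/^/RECENT /'

    # 3. PHP files under uploads, which should normally hold media only.
    if [ -d "$root/wp-content/uploads" ]; then
        find "$root/wp-content/uploads" -type f -name '*.php' |
            sed 's/^/UPLOAD /'
    fi
}

# Run the scan when a root directory is given on the command line.
if [ "$#" -gt 0 ]; then
    scan_wp "$@"
fi
```

A PATTERN hit is only a lead for manual review, since legitimate plugins also call these functions; a file that shows up under two or three tags is the one to open first.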