wp-rex

TABLE OF CONTENT:

• What is „wp-rex“?
• What is „wp-rex“ not?
• Where can I get this script?
• How do I use it?
• What checks are being made?
• What features will be implemented soon?
• Can I request a feature?

What is „wp-rex“?

• a script, that can help you finding malware in your wordpress installation
• easy to use, just upload it to your wordpress directory
• usable via http/https-request, usable via ssh/cli
• open-source, you do not have to pay anything

What is „wp-rex“ not?

• a 100%-guarantee to find all malware in your wordpress installation
• a magic tool, that cleans your wordpress in some mysterious way

Where can I get this script?

• just clone the repo at https://github.com/foulenzer/wp-rex or
• download the file https://raw.githubusercontent.com/foulenzer/wp-rex/master/wp-rex.php e.g. via wget

How do I use it?

• upload the file into your wordpress directory
• visit this file in your favorite web-browser, e.g. mywordpressblog.com/wp-rex.php
• use this tool on the command line interface via php wp-rex.php
  • maybe you need to state the absolute path to php, e.g. /usr/bin/php

What checks are being made?

• wordpress core file checksum comparison
• check for files modified in the last seven days
• check all files for malicious code snippets from common malware samples

What features will be implemented soon?

• check for suspicious file permissions, e.g. executable wp-config.php (Why would anybody do this?!)
• check for additional files, which do not belong there
• check for common malware filename patterns
• return results in an array
• add a scoring procedure, calculating the chance, that a malware attack has been executed
• continously updated malware samples

Can I request a feature?

• sure, just hit me up at github: https://github.com/foulenzer/wp-rex
• or via mail: website@foulenzer.me