When cleaning up hacked sites and testing .htaccess tricks, it’s nice to have a list of WordPress directory and file names for checking patterns and finding strings directly via Search/Find. Especially when working remotely, having a complete list of WordPress files available online can help expedite the attack-recovery process.
The official Codex page lists some important files, but only for WP version 2.x, and it doesn’t seem to list files located in all sub-directories. Sure, it’s not the most exciting topic in the world, but it’s always good practice to know thy files. You get to see the bigger picture and gain a better understanding of how much stuff actually is included in WordPress — especially if you start digging around in the /wp-includes/ directory.. bring a snack, knife, and some flint to improve your chances.
We’re looking at a default download/unzip of WordPress version 3.3.2 — a complete list of all files in all directories in alphabetical order. Here’s the roadmap:
- directory structure (without files)
- WordPress root-level files
- files in the /wp-admin/ directory
- files in the /wp-content/ directory
- files in the /wp-includes/ directory
Basic WordPress directory structure
/wordpress/
  /wp-admin/
    /css/
    /images/
    /includes/
    /js/
    /maint/
    /network/
    /user/
  /wp-content/
    /plugins/
      /akismet/
    /themes/
      /twentyeleven/
        /colors/
        /images/
        /inc/
          /images/
        /js/
        /languages/
      /twentyten/
        /images/
          /headers/
        /languages/
  /wp-includes/
    /Text/
    /css/
    /images/
      /crystal/
      /smilies/
      /wlw/
    /js/
      /crop/
      /imgareaselect/
      /jcrop/
      /jquery/
        /ui/
      /plupload/
      /scriptaculous/
      /swfupload/
        /plugins/
      /thickbox/
      /tinymce/
        /langs/
        /plugins/
          /directionality/
          /fullscreen/
          /inlinepopups/
            /skins/
              /clearlooks2/
                /img/
          /media/
            /css/
            /js/
          /paste/
            /js/
          /spellchecker/
            /classes/
              /utils/
            /css/
            /img/
            /includes/
          /tabfocus/
          /wordpress/
            /css/
            /img/
          /wpdialogs/
            /js/
          /wpeditimage/
            /css/
            /img/
            /js/
          /wpfullscreen/
          /wpgallery/
            /img/
          /wplink/
        /themes/
          /advanced/
            /img/
            /js/
            /skins/
              /default/
                /img/
              /highcontrast/
              /o2k7/
                /img/
              /wp_theme/
                /img/
        /utils/
    /pomo/
    /theme-compat/
Root-level WordPress files
/wordpress/
index.php
license.txt
readme.html
wp-activate.php
wp-app.php
wp-blog-header.php
wp-comments-post.php
wp-config-sample.php
wp-cron.php
wp-links-opml.php
wp-load.php
wp-login.php
wp-mail.php
wp-pass.php
wp-register.php
wp-settings.php
wp-signup.php
wp-trackback.php
xmlrpc.php
Files in the /wp-admin/ directory
/wp-admin/
about.php
admin-ajax.php
admin-footer.php
admin-functions.php
admin-header.php
admin-post.php
admin.php
async-upload.php
comment.php
credits.php
/css/
colors-classic.css
colors-classic.dev.css
colors-fresh.css
colors-fresh.dev.css
farbtastic.css
file-list.txt
ie-rtl.css
ie-rtl.dev.css
ie.css
ie.dev.css
install.css
install.dev.css
media-rtl.css
media-rtl.dev.css
media.css
media.dev.css
wp-admin-rtl.css
wp-admin-rtl.dev.css
wp-admin.css
wp-admin.dev.css
custom-background.php
custom-header.php
edit-comments.php
edit-form-advanced.php
edit-form-comment.php
edit-link-form.php
edit-tag-form.php
edit-tags.php
edit.php
export.php
freedoms.php
gears-manifest.php
/images/
align-center.png
align-left.png
align-none.png
align-right.png
archive-link.png
arrows-dark-vs.png
arrows-dark.png
arrows-vs.png
arrows.png
blue-grad.png
bubble_bg-rtl.gif
bubble_bg.gif
button-grad-active.png
button-grad.png
comment-grey-bubble.png
date-button.gif
ed-bg-vs.gif
ed-bg.gif
fade-butt.png
fav-arrow-rtl.gif
fav-arrow.gif
fav-vs.png
fav.png
generic.png
gray-grad.png
gray-star.png
icons32-vs.png
icons32.png
imgedit-icons.png
list.png
loading-publish.gif
loading.gif
logo-ghost.png
logo-login.png
logo.gif
marker.png
mask.png
media-button-image.gif
media-button-music.gif
media-button-other.gif
media-button-video.gif
media-button.png
menu-arrow-frame-rtl.png
menu-arrow-frame.png
menu-arrows.gif
menu-bits-rtl-vs.gif
menu-bits-rtl.gif
menu-bits-vs.gif
menu-bits.gif
menu-dark-rtl-vs.gif
menu-dark-rtl.gif
menu-dark-vs.gif
menu-dark.gif
menu-shadow-rtl.png
menu-shadow.png
menu-vs.png
menu.png
no.png
press-this.png
required.gif
resize-rtl.gif
resize.gif
screen-options-toggle-vs.gif
screen-options-toggle.gif
screenshots
se.png
sort.gif
star.png
toggle-arrow-rtl.gif
toggle-arrow.gif
upload-classic.png
upload-fresh.png
wheel.png
white-grad-active.png
white-grad.png
widgets-arrow-vs.gif
widgets-arrow.gif
wordpress-logo.png
wp-badge.png
wp-logo-vs.png
wp-logo.png
wpspin_dark.gif
wpspin_light.gif
xit.gif
yes.png
import.php
/includes/
admin.php
bookmark.php
class-ftp-pure.php
class-ftp-sockets.php
class-ftp.php
class-pclzip.php
class-wp-comments-list-table.php
class-wp-filesystem-base.php
class-wp-filesystem-direct.php
class-wp-filesystem-ftpext.php
class-wp-filesystem-ftpsockets.php
class-wp-filesystem-ssh2.php
class-wp-importer.php
class-wp-links-list-table.php
class-wp-list-table.php
class-wp-media-list-table.php
class-wp-ms-sites-list-table.php
class-wp-ms-themes-list-table.php
class-wp-ms-users-list-table.php
class-wp-plugin-install-list-table.php
class-wp-plugins-list-table.php
class-wp-posts-list-table.php
class-wp-terms-list-table.php
class-wp-theme-install-list-table.php
class-wp-themes-list-table.php
class-wp-upgrader.php
class-wp-users-list-table.php
comment.php
continents-cities.php
dashboard.php
deprecated.php
export.php
file.php
image-edit.php
image.php
import.php
list-table.php
manifest.php
media.php
menu.php
meta-boxes.php
misc.php
ms-deprecated.php
ms.php
nav-menu.php
plugin-install.php
plugin.php
post.php
schema.php
screen.php
taxonomy.php
template.php
theme-install.php
theme.php
update-core.php
update.php
upgrade.php
user.php
widgets.php
index-extra.php
index.php
install-helper.php
install.php
/js/
cat.dev.js
cat.js
categories.dev.js
categories.js
comment.dev.js
comment.js
common.dev.js
common.js
custom-background.dev.js
custom-background.js
custom-fields.dev.js
custom-fields.js
dashboard.dev.js
dashboard.js
edit-comments.dev.js
edit-comments.js
editor.dev.js
editor.js
farbtastic.js
gallery.dev.js
gallery.js
image-edit.dev.js
image-edit.js
inline-edit-post.dev.js
inline-edit-post.js
inline-edit-tax.dev.js
inline-edit-tax.js
link.dev.js
link.js
media-upload.dev.js
media-upload.js
media.dev.js
media.js
nav-menu.dev.js
nav-menu.js
password-strength-meter.dev.js
password-strength-meter.js
plugin-install.dev.js
plugin-install.js
post.dev.js
post.js
postbox.dev.js
postbox.js
revisions-js.php
set-post-thumbnail.dev.js
set-post-thumbnail.js
tags.dev.js
tags.js
theme-preview.dev.js
theme-preview.js
theme.dev.js
theme.js
user-profile.dev.js
user-profile.js
utils.dev.js
utils.js
widgets.dev.js
widgets.js
word-count.dev.js
word-count.js
wp-fullscreen.dev.js
wp-fullscreen.js
xfn.dev.js
xfn.js
link-add.php
link-manager.php
link-parse-opml.php
link.php
load-scripts.php
load-styles.php
/maint/
repair.php
media-new.php
media-upload.php
media.php
menu-header.php
menu.php
moderation.php
ms-admin.php
ms-delete-site.php
ms-edit.php
ms-options.php
ms-sites.php
ms-themes.php
ms-upgrade-network.php
ms-users.php
my-sites.php
nav-menus.php
/network/
admin.php
edit.php
index-extra.php
index.php
menu.php
plugin-editor.php
plugin-install.php
plugins.php
profile.php
settings.php
setup.php
site-info.php
site-new.php
site-settings.php
site-themes.php
site-users.php
sites.php
theme-editor.php
theme-install.php
themes.php
update-core.php
update.php
upgrade.php
user-edit.php
user-new.php
users.php
network.php
options-discussion.php
options-general.php
options-head.php
options-media.php
options-permalink.php
options-privacy.php
options-reading.php
options-writing.php
options.php
plugin-editor.php
plugin-install.php
plugins.php
post-new.php
post.php
press-this.php
profile.php
revision.php
setup-config.php
theme-editor.php
theme-install.php
themes.php
tools.php
update-core.php
update.php
upgrade-functions.php
upgrade.php
upload.php
/user/
admin.php
index-extra.php
index.php
menu.php
profile.php
user-edit.php
user-edit.php
user-new.php
users.php
widgets.php
Files in the /wp-content/ directory
/wp-content/
index.php
/plugins/
/akismet/
admin.php
akismet.css
akismet.gif
akismet.js
akismet.php
legacy.php
readme.txt
widget.php
hello.php
index.php
/themes/
index.php
/twentyeleven/
404.php
archive.php
author.php
category.php
/colors/
dark.css
comments.php
content-aside.php
content-featured.php
content-gallery.php
content-image.php
content-intro.php
content-link.php
content-page.php
content-quote.php
content-single.php
content-status.php
content.php
editor-style-rtl.css
editor-style.css
footer.php
functions.php
header.php
image.php
/images/
comment-arrow-bypostauthor-dark-rtl.png
comment-arrow-bypostauthor-dark.png
comment-arrow-bypostauthor-rtl.png
comment-arrow-bypostauthor.png
comment-arrow-dark-rtl.png
comment-arrow-dark.png
comment-arrow-rtl.png
comment-arrow.png
comment-bubble-dark-rtl.png
comment-bubble-dark.png
comment-bubble-rtl.png
comment-bubble.png
headers
search.png
wordpress.png
/inc/
/images/
content-sidebar.png
content.png
dark.png
light.png
sidebar-content.png
theme-options.css
theme-options.js
theme-options.php
widgets.php
index.php
/js/
html5.js
showcase.js
/languages/
twentyeleven.pot
license.txt
page.php
readme.txt
rtl.css
screenshot.png
search.php
searchform.php
showcase.php
sidebar-footer.php
sidebar-page.php
sidebar.php
single.php
style.css
tag.php
/twentyten/
404.php
archive.php
attachment.php
author.php
category.php
comments.php
editor-style-rtl.css
editor-style.css
footer.php
functions.php
header.php
/images/
/headers/
berries-thumbnail.jpg
berries.jpg
cherryblossoms-thumbnail.jpg
cherryblossoms.jpg
concave-thumbnail.jpg
concave.jpg
fern-thumbnail.jpg
fern.jpg
forestfloor-thumbnail.jpg
forestfloor.jpg
inkwell-thumbnail.jpg
inkwell.jpg
path-thumbnail.jpg
path.jpg
sunset-thumbnail.jpg
sunset.jpg
wordpress.png
index.php
/languages/
twentyten.pot
license.txt
loop-attachment.php
loop-page.php
loop-single.php
loop.php
onecolumn-page.php
page.php
rtl.css
screenshot.png
search.php
sidebar-footer.php
sidebar.php
single.php
style.css
tag.php
Files in the /wp-includes/ directory
/wp-includes/
/Text/
Diff
Diff.php
admin-bar.php
atomlib.php
author-template.php
bookmark-template.php
bookmark.php
cache.php
canonical.php
capabilities.php
category-template.php
category.php
class-IXR.php
class-feed.php
class-http.php
class-json.php
class-oembed.php
class-phpass.php
class-phpmailer.php
class-pop3.php
class-simplepie.php
class-smtp.php
class-snoopy.php
class-wp-admin-bar.php
class-wp-ajax-response.php
class-wp-editor.php
class-wp-error.php
class-wp-http-ixr-client.php
class-wp-walker.php
class-wp-xmlrpc-server.php
class-wp.php
class.wp-dependencies.php
class.wp-scripts.php
class.wp-styles.php
comment-template.php
comment.php
compat.php
cron.php
/css/
admin-bar-rtl.css
admin-bar-rtl.dev.css
admin-bar.css
admin-bar.dev.css
editor-buttons.css
editor-buttons.dev.css
jquery-ui-dialog.css
jquery-ui-dialog.dev.css
wp-pointer.css
wp-pointer.dev.css
default-constants.php
default-filters.php
default-widgets.php
deprecated.php
feed-atom-comments.php
feed-atom.php
feed-rdf.php
feed-rss.php
feed-rss2-comments.php
feed-rss2.php
feed.php
formatting.php
functions.php
functions.wp-scripts.php
functions.wp-styles.php
general-template.php
http.php
/images/
admin-bar-sprite.png
arrow-pointer-blue.png
blank.gif
/crystal/
archive.png
audio.png
code.png
default.png
document.png
interactive.png
license.txt
spreadsheet.png
text.png
video.png
down_arrow.gif
icon-pointer-flag.png
rss.png
/smilies/
icon_arrow.gif
icon_biggrin.gif
icon_confused.gif
icon_cool.gif
icon_cry.gif
icon_eek.gif
icon_evil.gif
icon_exclaim.gif
icon_idea.gif
icon_lol.gif
icon_mad.gif
icon_mrgreen.gif
icon_neutral.gif
icon_question.gif
icon_razz.gif
icon_redface.gif
icon_rolleyes.gif
icon_sad.gif
icon_smile.gif
icon_surprised.gif
icon_twisted.gif
icon_wink.gif
toggle-arrow.png
upload.png
/wlw/
wp-comments.png
wp-icon.png
wp-watermark.png
wpicons.png
wpmini-blue.png
xit.gif
/js/
admin-bar.dev.js
admin-bar.js
autosave.dev.js
autosave.js
colorpicker.dev.js
colorpicker.js
comment-reply.dev.js
comment-reply.js
/crop/
cropper.css
cropper.js
marqueeHoriz.gif
marqueeVert.gif
hoverIntent.dev.js
hoverIntent.js
/imgareaselect/
border-anim-h.gif
border-anim-v.gif
imgareaselect.css
jquery.imgareaselect.dev.js
jquery.imgareaselect.js
/jcrop/
Jcrop.gif
jquery.Jcrop.css
jquery.Jcrop.dev.js
jquery.Jcrop.js
/jquery/
jquery.color.dev.js
jquery.color.js
jquery.form.dev.js
jquery.form.js
jquery.hotkeys.dev.js
jquery.hotkeys.js
jquery.js
jquery.query.js
jquery.schedule.js
jquery.serialize-object.js
jquery.table-hotkeys.dev.js
jquery.table-hotkeys.js
suggest.dev.js
suggest.js
/ui/
jquery.effects.blind.min.js
jquery.effects.bounce.min.js
jquery.effects.clip.min.js
jquery.effects.core.min.js
jquery.effects.drop.min.js
jquery.effects.explode.min.js
jquery.effects.fade.min.js
jquery.effects.fold.min.js
jquery.effects.highlight.min.js
jquery.effects.pulsate.min.js
jquery.effects.scale.min.js
jquery.effects.shake.min.js
jquery.effects.slide.min.js
jquery.effects.transfer.min.js
jquery.ui.accordion.min.js
jquery.ui.autocomplete.min.js
jquery.ui.button.min.js
jquery.ui.core.min.js
jquery.ui.datepicker.min.js
jquery.ui.dialog.min.js
jquery.ui.draggable.min.js
jquery.ui.droppable.min.js
jquery.ui.mouse.min.js
jquery.ui.position.min.js
jquery.ui.progressbar.min.js
jquery.ui.resizable.min.js
jquery.ui.selectable.min.js
jquery.ui.slider.min.js
jquery.ui.sortable.min.js
jquery.ui.tabs.min.js
jquery.ui.widget.min.js
json2.dev.js
json2.js
/plupload/
changelog.txt
handlers.dev.js
handlers.js
license.txt
plupload.flash.js
plupload.flash.swf
plupload.html4.js
plupload.html5.js
plupload.js
plupload.silverlight.js
plupload.silverlight.xap
prototype.js
quicktags.dev.js
quicktags.js
/scriptaculous/
MIT-LICENSE
builder.js
controls.js
dragdrop.js
effects.js
scriptaculous.js
slider.js
sound.js
unittest.js
wp-scriptaculous.js
swfobject.js
/swfupload/
handlers.dev.js
handlers.js
license.txt
/plugins/
swfupload.cookies.js
swfupload.queue.js
swfupload.speed.js
swfupload.swfobject.js
swfupload-all.js
swfupload.js
swfupload.swf
/thickbox/
loadingAnimation.gif
macFFBgHack.png
tb-close.png
thickbox.css
thickbox.js
/tinymce/
/langs/
wp-langs-en.js
wp-langs.php
license.txt
/plugins/
/directionality/
editor_plugin.js
/fullscreen/
editor_plugin.js
fullscreen.htm
/inlinepopups/
editor_plugin.js
/skins/
/clearlooks2/
/img/
alert.gif
button.gif
buttons.gif
confirm.gif
corners.gif
drag.gif
horizontal.gif
vertical.gif
window.css
template.htm
/media/
/css/
media.css
editor_plugin.js
/js/
embed.js
media.js
media.htm
moxieplayer.swf
/paste/
blank.htm
editor_plugin.js
/js/
pastetext.js
pasteword.js
pastetext.htm
pasteword.htm
/spellchecker/
changelog.txt
/classes/
EnchantSpell.php
GoogleSpell.php
PSpell.php
PSpellShell.php
SpellChecker.php
/utils/
JSON.php
Logger.php
config.php
/css/
content.css
editor_plugin.js
/img/
wline.gif
/includes/
general.php
rpc.php
/tabfocus/
editor_plugin.js
/wordpress/
/css/
content.css
editor_plugin.dev.js
editor_plugin.js
/img/
audio.gif
embedded.png
image.gif
media.gif
more_bug.gif
page.gif
page_bug.gif
trans.gif
video.gif
/wpdialogs/
editor_plugin.dev.js
editor_plugin.js
/js/
popup.dev.js
popup.js
wpdialog.dev.js
wpdialog.js
/wpeditimage/
/css/
editimage-rtl.css
editimage.css
editimage.html
editor_plugin.dev.js
editor_plugin.js
/img/
delete.png
image.png
/js/
editimage.dev.js
editimage.js
/wpfullscreen/
editor_plugin.js
fullscreen.htm
/wpgallery/
editor_plugin.dev.js
editor_plugin.js
/img/
delete.png
edit.png
gallery.png
t.gif
/wplink/
editor_plugin.dev.js
editor_plugin.js
/themes/
/advanced/
about.htm
anchor.htm
charmap.htm
color_picker.htm
editor_template.js
image.htm
/img/
colorpicker.jpg
flash.gif
gotmoxie.png
icons.gif
iframe.gif
pagebreak.gif
quicktime.gif
realmedia.gif
shockwave.gif
trans.gif
video.gif
windowsmedia.gif
/js/
about.js
anchor.js
charmap.js
color_picker.js
image.js
link.js
source_editor.js
link.htm
shortcuts.htm
/skins/
/default/
content.css
dialog.css
/img/
buttons.png
items.gif
menu_arrow.gif
menu_check.gif
progress.gif
tabs.gif
ui.css
/highcontrast/
content.css
dialog.css
ui.css
/o2k7/
content.css
dialog.css
/img/
button_bg.png
button_bg_black.png
button_bg_silver.png
ui.css
ui_black.css
ui_silver.css
/wp_theme/
content.css
dialog.css
/img/
tabs.gif
ui.css
source_editor.htm
tiny_mce.js
tiny_mce_popup.js
/utils/
editable_selects.js
form_utils.js
mctabs.js
validate.js
wp-mce-help.php
wp-tinymce.js.gz
wp-tinymce.php
tw-sack.dev.js
tw-sack.js
wp-ajax-response.dev.js
wp-ajax-response.js
wp-list-revisions.dev.js
wp-list-revisions.js
wp-lists.dev.js
wp-lists.js
wp-pointer.dev.js
wp-pointer.js
wplink.dev.js
wplink.js
kses.php
l10n.php
link-template.php
load.php
locale.php
media.php
meta.php
ms-blogs.php
ms-default-constants.php
ms-default-filters.php
ms-deprecated.php
ms-files.php
ms-functions.php
ms-load.php
ms-settings.php
nav-menu-template.php
nav-menu.php
pluggable-deprecated.php
pluggable.php
plugin.php
/pomo/
entry.php
mo.php
po.php
streams.php
translations.php
post-template.php
post-thumbnail-template.php
post.php
query.php
registration-functions.php
registration.php
rewrite.php
rss-functions.php
rss.php
script-loader.php
shortcodes.php
taxonomy.php
template-loader.php
/theme-compat/
comments-popup.php
comments.php
footer.php
header.php
sidebar.php
theme.php
update.php
user.php
vars.php
version.php
widgets.php
wlwmanifest.xml
wp-db.php
wp-diff.php



I wonder which of these files are changed by the system and which are never to be changed. On the ones that should never be changed, except via a core upgrade, maybe a checksum so that we can compare the files more rapidly.
This is great info. No sharing buttons :(
That’s a good suggestion Jim gave there.
But still. An excellent and bloody useful post!
Whoa! Useful. Agreed! No sharing?
Serious on the sharing?! Let me ask.. which buttons/services should we add or would be helpful? Been thinking about a redesign and might want to factor ‘em in..
I understand the feeling of now wanting to put on the buttons. The fact that it makes your site a bit slower is a reason I hadn’t liked the idea in the past. But, with caching things are getting better. And I think Yoast has a great tut on setting them up in a very efficient way.
I truly only use Google+ (Big G is weighing this hard I am sure), Facebook and Twitter
I did share it on Facebook !
Minimal Twitter, Facebook and G+.
For Google, what’s better, +1 or Share? Agreed on FB & Twitter.
The + will bring up a share box when you click it
So does the share button..
PP is a great place and I love the 5G Blacklist! I think, at least for me and maybe a good question to ask others, is that I do not like to share everything, but I do hit the Like or +1 buttons if I spend the time to read the article and hit will share if I think people on my lists would also like to read it.
So, not sure what is best for you. I haven’t seen whether sharing auto gives a +1 or not, which I think are two different things. A like count and a share count..
Thanks! I’m currently experimenting there with the Google social-media stuff, so will try adding the +1 at the end of each post and see what happens. I think “like count and a share count” explains it well. They should merge the two into one all-powerful + button or something :)
Tweet for sure! Facebook share for sure IMO – would allow others to specifically share on their own pages, groups, networks etc. highly focused! Facebook like… debatable – it only gets lost in the plethora of the Facebook algos right? Google +1 yeah! no brainer, if it’s authority you want authority you will get. If not, then it wouldn’t harm in the whole scheme of things from an seo point of view anyways.
Good points, Elliott — always good stuff to think about. I agree the potential pros vastly outweigh the cons.. think I’m gonna go ahead and add +1 to both here and Perishable Press. Also Twitter and FB share buttons — seems like a good thing to do. I want that Carbonara (the right way) recipe btw.
Sweet! Technique can be seen on facebuk http://www.facebook.com/elliottiainrichmond
Nice – looking forward to trying it! Found the steps here:
http://elliottrichmond.wordpress.com/2012/05/05/carbonara-the-right-way/
Useful list, thanks Jeff. Please include Google+ when you get around to adding sharing buttons.
Thanks Gary, we’ll be sure to include +1 to the mix :)
Isn’t there a plugin that will detect hacked files for easy clean up?
Good question.. is there a plugin that can discern between good/bad code? It’s simple to auto-scan for the obvious stuff, but attacks are becoming more sophisticated, using methods that are difficult to detect (by any means). Plugins may be useful tools to get started with, but ultimately insufficient for serious cleanup work.
Right, by looking at the code it would be difficult for a plugin to decide what is valid or not, but if there appears to be a problem on your site then a plugin could download the most current set of files from WordPress, overwrite all of the core files (not the wp-content folder or config) and then you will know that the core files are clean. Further, the plugin could do automatic database backups that could restore data on the fly. I believe that any plugins or theme files in the wp-content folder should be locally backed up, so if any of those are corrupted one could simply FTP the theme and plugin files back into the WordPress wp-content folder. I don’t fully know all of the attack methods, but this clean start approach may be a good start to defend against most of the attacks.
I did some quick testing, so I don’t know how safe this is, but if you go to wp-includes/version.php, change the $wp_version = '3.3.2'; back to a previous version, then WordPress will prompt you to upgrade. Once you do that then it will replace all of the core files with the most current version. This is a quick way to make sure the core files are not corrupted, and either fix a hacked site or at least narrow down the search for the problem.
Good ideas, but ultimately you’ve got to secure your site, not just clean up the mess. Replacing corrupt files is an important step, and plugins can help with that, but unless you also lock down vulnerabilities and actually take measures to secure your site, simply replacing hacked files with clean ones is futile because it will just happen all over again.
I’d love to see a review of Wordfence, it’s a new antivirus/ firewall plugin /service
Looks fantastic, gonna try it out and report back..
Highly useful and bookmarked.
To add to the IDS discussion, http://www.snort.org is a good solution. It needs to be trained a bit to not report everything, but a few times it’s shown up some bad activity which I have gone on to block.
Login Lockdown is the one plugin, which has saved my bacon a few times.