wp-admin/ and wp-includes/ for unexpected files;
wp-content/uploads/ for hidden scripts;
look-see-security-scanner folder to your plugins directory via FTP.
To install this plugin as Must-Use, download, extract, and upload the look-see-security-scanner folder to your mu-plugins directory via FTP. See the MU Caveats for more information about getting WordPress to load an MU plugin that is in a subfolder.
Please note: MU Plugins are removed from the usual update-checking process, so you will need to handle future updates manually.
The plugin is only meant to be used with single-site WordPress installations.
The free version of Look-See will point out potential issues and recommend follow-up actions, but it is left up to you to actually complete those actions. The pro version includes "quick action" links when viewing scan results that can let you view a file's source, fix permission/ownership issues, and/or ignore or delete it with the push of a button.
Unfortunately, file system operations like scanning can be very resource-intensive. A lot of low-end, budget shared hosting providers might have trouble completing a scan. In such cases, you could try fiddling with the ignore rules — ignore images and other large files — but ultimately the solution is probably just to find better hosting.
Not necessarily. There could still be backdoors elsewhere on the server. As always, we recommend you maintain best security practices and keep regular back-ups.
The free version of the plugin requires scans be run manually through the admin interface. The pro version contains WP-CLI integration, allowing scans to be run through the command line (thus scans can be executed any which way through server-side scripts or CRON jobs).
plugins_api() response to match formatting change.