Title: [Plugin: Secure WordPress] Code injection Scanner
Last modified: August 19, 2016

---

# [Plugin: Secure WordPress] Code injection Scanner

 *  Resolved [danka](https://wordpress.org/support/users/danka/)
 * (@danka)
 * [15 years, 5 months ago](https://wordpress.org/support/topic/plugin-secure-wordpress-code-injection-scanner/)
 * Would be cool if you make a scanner to check for code injection in all code files
   [php, js, css] and database. I mean code injection like these, but not limited
   to:
    - `eval(gzinflate(base64_decode('Code')))`
    - `eval(gzinflate(str_rot13(base64_decode('Code'))))`
    - `eval(gzinflate(base64_decode(str_rot13('Code'))))`
    - `eval(gzinflate(base64_decode(base64_decode(str_rot13('Code')))))`
    - `eval(gzuncompress(base64_decode('Code')))`
    - `eval(gzuncompress(str_rot13(base64_decode('Code'))))`
    - `eval(gzuncompress(base64_decode(str_rot13('Code'))))`
    - `eval(base64_decode('Code'))`
    - `eval(str_rot13(gzinflate(base64_decode('Code'))))`
    - `eval(gzinflate(base64_decode(strrev(str_rot13('Code')))))`
    - `eval(gzinflate(base64_decode(strrev('Code'))))`
    - `eval(gzinflate(base64_decode(str_rot13('Code'))))`
    - `eval(gzinflate(base64_decode(str_rot13(strrev('Code')))))`
 * There are also some injections that some guys do in free themes and some free
   plugins… for example, they try to include a URL in as many places as possible,
   including external image links, to find out who is using their theme/plugin by
   checking the link referrer. This could be solved by hiding the referer in external
   links, or by just removing the link. I think this feature is desired to avoid
   being a target.
 * Thanks.
 * [http://wordpress.org/extend/plugins/secure-wordpress/](http://wordpress.org/extend/plugins/secure-wordpress/)

Viewing 2 replies - 1 through 2 (of 2 total)

 *  [Frank Bueltge](https://wordpress.org/support/users/bueltge/)
 * (@bueltge)
 * [15 years, 5 months ago](https://wordpress.org/support/topic/plugin-secure-wordpress-code-injection-scanner/#post-1765621)
 * Yes, this plugin uses base64_decode to display images very fast via a base64
   string and not an HTTP request. The scanner scans only for the function, not
   what the function does.
 *  Thread Starter [danka](https://wordpress.org/support/users/danka/)
 * (@danka)
 * [15 years, 5 months ago](https://wordpress.org/support/topic/plugin-secure-wordpress-code-injection-scanner/#post-1765638)
 * Sorry, I think I was not clear enough…
 * I was referring to people that offer themes and plugins for free, and sometimes
   they hide code using some of the techniques I described in my first post… and
   such hidden code could represent a problem… for example, say that the hidden
   code injects things into the DB or into other files or does something worse…
   so, the proposal is to add a scanner in this plugin to check for encoded hidden
   code in the themes and plugins and maybe in all other WP files…
 * If someone can't understand yet what I am saying… take a look at the plugin TAC…
   this plugin is limited to scanning themes only, and it doesn't check for all
   types of code injection…
 * Thanks.


The topic ‘[Plugin: Secure WordPress] Code injection Scanner’ is closed to new replies.
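
An added example, not part of the thread or of the Secure WordPress plugin: a sketch of the kind of check requested above. It flags `eval(` only when its argument is a nested chain of calls containing one of the decoders listed in the first post, so a bare `base64_decode()` such as the inline-image use mentioned in the reply is not reported. The names `find_eval_chains`, `scan_tree` and `SAMPLE`, and the file suffix list, are assumptions made for illustration.

```python
import re
from pathlib import Path

# Decoder functions named in the thread's list of obfuscation wrappers.
DECODERS = {"base64_decode", "gzinflate", "gzuncompress", "str_rot13", "strrev"}
EVAL_RE = re.compile(r"\beval\s*\(", re.IGNORECASE)
# One nested call opening, e.g. " @gzinflate(" (PHP's @ error suppression allowed).
CALL_RE = re.compile(r"\s*@?\s*([A-Za-z_][A-Za-z0-9_]*)\s*\(")

def find_eval_chains(source):
    """Return [(line_no, [fn, ...])] for each eval() fed by a call chain that includes a decoder."""
    findings = []
    for m in EVAL_RE.finditer(source):
        pos, chain = m.end(), []
        # Walk inward through name( name( name( ... until the innermost argument.
        while (call := CALL_RE.match(source, pos)):
            chain.append(call.group(1).lower())
            pos = call.end()
        if any(fn in DECODERS for fn in chain):
            findings.append((source.count("\n", 0, m.start()) + 1, chain))
    return findings

def scan_tree(root, suffixes=(".php", ".inc", ".phtml")):
    """Scan PHP-like files under root (suffix list is an assumption); return {path: findings}."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            hits = find_eval_chains(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report

# Constructed sample input, not taken from a real theme or plugin.
SAMPLE = """<?php
// constructed sample for the scanner
$img = base64_decode($icon_b64);   // inline image data, no eval involved
eval(gzinflate(base64_decode('AAAA')));
eval ( @gzuncompress( str_rot13( base64_decode("BBBB") ) ) );
eval($plain_code);
"""

if __name__ == "__main__":
    for line_no, chain in find_eval_chains(SAMPLE):
        print(f"line {line_no}: eval({'('.join(chain)}(...")
```

The check matches literal call chains only; code that builds function names from variables or concatenated strings will not match, and it does not cover the database scan requested in the first post.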

 * 2 replies
 * 2 participants
 * Last reply from: [danka](https://wordpress.org/support/users/danka/)
 * Last activity: [15 years, 5 months ago](https://wordpress.org/support/topic/plugin-secure-wordpress-code-injection-scanner/#post-1765638)
 * Status: resolved