A WordPress security audit script is essential for any WordPress site running on RunCloud. Here’s how to automate your security checks.

WordPress is a popular platform for building websites, but it comes with its own set of security challenges. Server-level security audits are essential in identifying and mitigating potential threats to your website’s stability. In this guide, we’ll walk you through the process of setting up an automated WordPress security audit using scripts specifically designed for environments like RunCloud.

Step 1: Install the Audit Tools

To begin, install the tools on your server that the security audit relies on. We have prepared two Bash scripts to automate this process; the first is the installer:

wp-security-audit-installer.sh

Script 1: wp-security-audit-installer.sh

This script installs the tools the audit script needs. Here’s what each part does:

  • Installs ClamAV and clamav-daemon: Antivirus that scans files for malware and viruses.
  • Installs Rkhunter (Rootkit Hunter): Software designed to detect rootkits and other types of hidden threats.
  • Installs Chkrootkit (Rootkit Checker): A utility that checks a host system for signs that it has been compromised by a rootkit or a trojan horse program.
  • Updates ClamAV virus database via freshclam: Ensures you have the latest definitions to identify newly discovered threats.
  • Creates /var/log/webapps/ directory: Stores logs from different security scans.

Instructions:

To install these tools, run the script with root privileges:

sudo ./wp-security-audit-installer.sh

Step 2: Run the WordPress Security Audit Script

After installing the necessary tools, we need to perform the security audit. We have another Bash script for this purpose:

wp-security-audit.sh

Script 2: wp-security-audit.sh

This script can run the audit in two ways:

  • Default: Scans all WordPress sites located at /home/*/webapps/*.
  • Optional: Pass --folder=/path/to/single/webapp to run the scan on a single website.

How It Works

The script performs several tests on each site:

  • ClamAV Scan (excluding wp-content/cache): Scans the files of your WordPress installation with ClamAV, skipping cached content.
  • Rkhunter Rootkit Check: Runs Rkhunter to detect any hidden rootkits or malicious software.
  • Chkrootkit Rootkit Check: Executes Chkrootkit to check for indications that the system has been compromised by a rootkit.
  • Uploads Folder Audit: Identifies non-media files like PHP scripts in the uploads folder, which can be exploited if not secured properly.
  • Plugin Audit: Searches for specific code snippets commonly used in malicious plugins to identify potential vulnerabilities.
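
One way to implement the Uploads Folder Audit described above, as an added example rather than the code of wp-security-audit.sh. The function names, the media allowlist, the wording of the ERROR lines, and the extra check for PHP tags inside files with a media extension (which goes beyond what the list describes) are assumptions.

```sh
#!/bin/sh
# Added example; not the page's wp-security-audit.sh.
# audit_uploads WEBAPP_DIR
#   Prints one ERROR line per suspicious file under wp-content/uploads.
#   Returns 0 = clean, 1 = findings, 2 = no uploads folder.
audit_uploads() {
    app=${1%/}
    uploads="$app/wp-content/uploads"
    if [ ! -d "$uploads" ]; then
        echo "SKIP: no uploads folder under $app"
        return 2
    fi
    # find -exec hands names over as arguments, so spaces survive intact;
    # control characters are masked so a file name cannot forge a log line.
    findings=$(find "$uploads" -type f -exec sh -c '
        app=$1; shift
        for f in "$@"; do
            rel=${f#"$app"/}
            rel=$(printf "%s" "$rel" | tr "[:cntrl:]" "?")
            name=$(printf "%s" "${f##*/}" | tr "[:upper:]" "[:lower:]")
            case $name in
                # Assumed media allowlist; extend it to match the site.
                *.jpg|*.jpeg|*.png|*.gif|*.webp|*.ico|*.pdf|*.mp3|*.mp4|*.webm)
                    # Media extension but PHP inside: a disguised script.
                    if grep -q "<?php" "$f"; then
                        printf "ERROR: PHP code inside media file: %s\n" "$rel"
                    fi ;;
                *)
                    printf "ERROR: non-media file in uploads: %s\n" "$rel" ;;
            esac
        done
    ' sh "$app" {} +)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree for a dry run (not real site data).
make_sample_app() {
    d=$(mktemp -d) || return 1
    u="$d/wp-content/uploads/2024/05"
    mkdir -p "$u"
    printf 'GIF89a' > "$u/logo.gif"
    printf 'x' > "$u/my photo.jpg"
    printf 'GIF89a<?php /* constructed */ ?>' > "$u/banner.GIF"
    printf '<?php /* constructed */ ?>' > "$u/cache.php"
    echo "$d"
}
```

A return code of 1 means at least one ERROR line was printed, so a wrapper can append the output to /var/log/webapps/{appname}.log and alert on it.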

Running the Script

To execute the WordPress security audit script, simply run:

./wp-security-audit.sh

Or for a single site:

./wp-security-audit.sh --folder=/path/to/single/webapp

What Each Scan Checks

  • ClamAV Scan: Identifies malware and viruses within your WordPress files.
  • Rkhunter Rootkit Check: Detects any hidden rootkits or malicious software that might be controlling your server.
  • Chkrootkit Rootkit Check: Looks for indications of compromise in file contents, such as those left by rootkits.
  • Uploads Folder Audit: Flags non-media files in the uploads folder that could be exploited for injection attacks.
  • Plugin Audit: Searches for dangerous code snippets indicating malicious plugins.

Reading the Audit Logs

The results of each scan are logged into the /var/log/webapps/{appname}.log file. If any issues are found, you will see entries detailing what was detected and how to address it. For example:

ERROR: Malicious file found in wp-content/uploads/malicious.php
ACTION: Review and remove the malicious content immediately.

Important Notes

  • Regular Audits: It is important to run security audits regularly to ensure your WordPress sites remain secure. This can be done manually or set up as a cron job for automated checks.
  • Fixing Issues: If any issues are flagged, take immediate action to fix them following the instructions in each log entry.
  • Stay Updated: Ensure all security tools, including ClamAV virus databases, are kept up-to-date to stay ahead of potential threats.

By following these steps and maintaining a regular security audit using automated scripts like those provided here, you can significantly enhance the security of your WordPress sites on RunCloud environments. Don’t wait until it’s too late; taking proactive measures now is crucial for protecting your website from cyber threats.

For more WordPress security best practices, check out Wordfence and Sucuri for enterprise-grade security solutions.