Checking WordPress Integrity with WP Toolkit

Your WordPress site relies on its core files being exactly as they should be. Unaltered and intact. But sometimes things go awry. Maybe a core file got accidentally edited during a late-night tweak, or perhaps something more concerning, like malicious changes, slipped in unnoticed. Whatever the cause, these changes can disrupt your site’s functionality or even compromise its security.

That’s where WP Toolkit’s Check WordPress Integrity feature steps in. It’s a quick and reliable way to ensure your core files are just as WordPress intended and to identify anything unexpected that needs your attention. Whether you’re troubleshooting errors or taking proactive steps to secure your site, this tool helps you get things back on track in just a few clicks.

Benefits

• Security: Detect unauthorised changes to WordPress core files and identify injected files.
• Repair Functionality: Restore missing or corrupted files to fix broken functionality.
• Proactive Maintenance: Regular checks ensure your WordPress installation remains secure and intact.

Use Cases

Hacked Website:

Detect and remove maliciously injected files or unauthorised changes to core files.

Broken Website:

Identify and restore missing core files to resolve functionality issues.

Routine Checks:

Regular scans to verify your installation is secure and consistent with the official WordPress release.

How to Use the Integrity Check

Step 1: Access WP Toolkit

• Log in to your cPanel account.
• Navigate to WP Toolkit under the Software section.

Step 2: Select Your WordPress Installation

• Locate the WordPress installation you want to scan.
• Click Manage to access the available tools for this installation.

Step 3: Run the Integrity Check

• Under the Security tab or the Integrity section, click Check WordPress Integrity.
• Wait for the scan to complete and review the results.

What to Do if Issues Are Found

Modified or Unexpected Files

Take a Backup:

• Before making changes, create a backup of your WordPress installation to ensure you can restore it if needed.
• Use the backup tools in cPanel or your preferred method to save your files and database.

Press Reinstall WordPress Core:

• In WP Toolkit, click the Reinstall WordPress Core button.
• This action will replace all WordPress core files with fresh copies from the WordPress repository.
• Important: Customisations to core files will be overwritten, so reapply them carefully if required.
• Once this is done, missing or altered files will automatically be replaced during the core reinstall process. Unexpected files in core directories will be removed.

Additional Steps if You Suspect a Potential Compromise

While reinstalling WordPress core files is a significant step in restoring your site’s integrity, it’s essential to go further if you suspect your site has been compromised. Attackers often leave traces in non-core areas, and a thorough inspection is crucial to fully secure your site.

1. Manually Inspect Non-Core Files

• Key Directories to Check: Your document root folder (e.g., public_html) and directories like wp-content/plugins and wp-content/themes.
• What to Look For: Recently added or modified files that you don’t recognise. Files with suspicious names, unexpected extensions, or unfamiliar content.

2. Review Installed Plugins and Themes

• Verify Legitimacy: Ensure all installed plugins and themes are from trusted sources. Remove any plugins or themes that are unused, outdated, or suspicious.
• Update: Keep all plugins and themes updated to their latest versions to patch known vulnerabilities.

3. Audit Admin Users

• Check Admin Accounts: Log in to your WordPress dashboard and review the list of admin users. Remove any users you don’t recognise or those who no longer require administrative access.
• Strengthen Passwords: Ensure that all admin accounts have strong, unique passwords.

4. Search for Backdoor Files

• Common Locations: Writable directories like wp-content/uploads or wp-includes.
• Detection Tools: Use Imunify360 in cPanel or security plugins like Wordfence to scan for backdoors. Manually review files with unusual permissions or names.

5. Review File Permissions

• Ensure Proper Permissions: Restrict file permissions to the recommended levels:
  • Files: 644
  • Directories: 755
• Use WP Toolkit’s security measures to enforce these permissions and block malicious execution.

6. Change Critical Passwords

• cPanel Password: Update your cPanel account password to a strong, unique password.
• WordPress Admin Passwords: Change all admin passwords for the WordPress dashboard.
• MySQL Password: Update the MySQL database user password. Ensure the new password is updated in the wp-config.php file.

7. Enable Security Measures

WP Toolkit offers a variety of security features to protect your site:

• Prevent execution of malicious files in directories like wp-content/uploads.
• Ensure proper permissions are enforced.
• Disable file editing via the WordPress dashboard.

For more details, refer to our article: Security Measures in WP Toolkit.