BlogSafe Scanner is a lightweight file scanner designed to notify you when any files are modified or uploaded to your server.
It’s features include:
- Creates a checksum of each file on your web server and compares them to official WordPress checksums. *1
- Detects new and modified files on your web server.
- Optionally ignore files that are changed often.
- Optionally checks plugins and themes against the U.S. NIST National Vulnerability Database for known issues. *2
- Optionally hecks plugins and themes for last known updates and alerts you when they haven’t been updated in over 12 months. *2
- Sends e-mail alert to the server admin when it’s been deactivated.
- Works with WP Multi-site (Activate on parent site only).
- Sends e-mail alearts when new or modified files are detected (Plus version).
- Scheduling of automatic scans (Plus version).
Notes regarding 3rd party services:
1. BlogSafe Scanner directly contacts various WordPress API’s for checksum verification.
During this contact the following information may be sent:
a. Plugin name and version.
b. Theme name and version.
c. WordPress version.
BlogSafe.org monitors and mirrors a portion of the NIST National Vulnerability Database for vulnerabilities related to WordPress, plugins and themes. When opting-in, BlogSafe Scanner will poll the BlogSafe.org API for these potential vulnerabilities. At no time will the plugin contact the NIST database directly. BlogSafe.org also maintains a database of known WordPress themes and plugins. This database is generated directly from the WordPress repository and verified via the WordPress API. When opting-in, BlogSafe scanner will poll the BlogSafe.org API for this data. At no time does BlogSafe Scanner directly contact the WordPress SVN.
During this opt-in contact the following information may be sent:
a. A list of plugins and themes found on your website along with their versions.
- Unzip and upload the entire directory to the
- Activate the plugin through the ‘Plugins’ menu in WordPress
- Security fix to 3rd party code.
- Patch for WP ob_end_flush() bug.
- PHP notices suppressed.
- Fixed multi-site detection.
- Suppressed buffer notices when not used.
- Complete update of menuing system in preparation of potential addons.
- Reworked buffered output during scans to better provide real-time scanning updates.
- Added language files for en
- Updated scan routines to produce a report instead of static output.
- Removing files from the ignore list now triggers a full scan requirement.
- Initial public release.