Here is an idea for a WordPress hack defense that I think would put an end to WordPress link injection hacking. I don’t have time to write this script, but maybe someone else will.
The script would do the following:
- log into your WordPress server over SSH
- take a snapshot of your filesystem including filesizes and permissions
- repeat with cron
- if there are any discrepancies, email the diff to you – or, if it’s a desktop program, then show the status in your desktop widget
- If it were a desktop program, it could have a list of new files to moderate. Once you checked that you approve the file changes, then the program would recognize those new files as being safe
Just brainstorming here. It could be a shell script, or a GUI program that sits in your taskbar, or even a widget/gadget…
There would be discrepancies every time you uploaded a new file, but better to get a notification about the change than to have your site hacked and penalized by Google.
If someone wants to program this, contact me because I have more ideas about it. Please make it GPL and cross platform.
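Here is the snapshot-then-diff loop from the list above worked through in Python. This is an added example, not a script from the post or from WordPress: it records size, permission bits and a SHA-256 per file, compares against a saved JSON baseline (the cron run), reports added, removed and changed paths, and lets an operator approve reviewed changes into the baseline. The baseline path, the web-root path and the `demo()` tree are assumptions constructed for illustration.

```python
"""Snapshot/diff file-integrity check for a web root such as a WordPress install.
Added example (not from the original post). Baseline location and paths are assumed."""
import hashlib
import json
import os
import stat
import sys
import tempfile
from pathlib import Path


def snapshot(root):
    """Walk `root`; record size, permission bits and SHA-256 for each regular file."""
    root = Path(root)
    snap = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for name in sorted(filenames):
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue  # symlinks are not followed; only regular files are hashed
            st = p.stat()
            h = hashlib.sha256()
            with open(p, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            snap[p.relative_to(root).as_posix()] = {
                "size": st.st_size,
                "mode": stat.S_IMODE(st.st_mode),  # permission bits only
                "sha256": h.hexdigest(),
            }
    return snap


def diff(old, new):
    """Added / removed / changed relative paths between two snapshots."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def format_report(d, old, new):
    """Human-readable diff, suitable for piping into `mail`."""
    lines = [f"ADDED   {p} size={new[p]['size']} mode={new[p]['mode']:04o}" for p in d["added"]]
    lines += [f"REMOVED {p}" for p in d["removed"]]
    for p in d["changed"]:
        what = ",".join(k for k in ("size", "mode", "sha256") if old[p][k] != new[p][k])
        lines.append(f"CHANGED {p} ({what}) mode {old[p]['mode']:04o}->{new[p]['mode']:04o}")
    return "\n".join(lines)


def check(root, baseline_path):
    """Cron entry point. First run stores a baseline; later runs return (report, diff)."""
    current = snapshot(root)
    if not os.path.exists(baseline_path):
        Path(baseline_path).write_text(json.dumps(current, indent=1))
        return "", {"added": [], "removed": [], "changed": []}
    old = json.loads(Path(baseline_path).read_text())
    d = diff(old, current)
    return format_report(d, old, current), d


def approve(root, baseline_path, paths):
    """Operator reviewed `paths` and accepts their current state into the baseline.
    Anything not approved keeps showing up in every subsequent report."""
    current = snapshot(root)
    base = json.loads(Path(baseline_path).read_text())
    for p in paths:
        if p in current:
            base[p] = current[p]
        else:
            base.pop(p, None)  # approving a deletion
    Path(baseline_path).write_text(json.dumps(base, indent=1))


def demo():
    """Walk-through on a constructed throwaway tree (sample data, not a real site)."""
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        root, base = Path(tmp) / "wp", Path(tmp) / "baseline.json"
        (root / "wp-includes").mkdir(parents=True)
        (root / "index.php").write_text("<?php // constructed placeholder\n")
        (root / "wp-includes" / "functions.php").write_text("<?php // placeholder\n")
        os.chmod(root / "index.php", 0o644)
        out["first_run"] = check(root, base)[1]          # creates the baseline
        (root / "wp-includes" / "class-mail.php").write_text("<?php // unexpected file\n")
        os.chmod(root / "index.php", 0o666)              # permission drift
        out["report"], out["after_change"] = check(root, base)
        approve(root, base, ["index.php"])               # accept only the reviewed change
        out["after_approve"] = check(root, base)[1]
    return out


if __name__ == "__main__":
    if len(sys.argv) == 3:  # e.g. from cron: python3 wpwatch.py /var/www/html /var/lib/wpwatch.json
        print(check(sys.argv[1], sys.argv[2])[0])
    else:
        print(json.dumps(demo(), indent=1))
```

Run it from cron with the web root and a baseline file stored outside the web root, and pipe the output to `mail`; an empty report means nothing changed. Every legitimate upload shows up once and disappears after `approve()`, which is the "moderate the new files" step from the list.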

4 Comments
Another thought: this script would probably have to watch the database for changes to post, comment, and excerpt text also. Otherwise hidden links could be injected into the database.
What about creating the wp-content/1 directory yourself and chmodding it to 000?
I did that after I heard about the new exploit, and haven’t gotten hit with that one yet. The attack that got my site was a backdoor created with a file called something like class-mail.php in my includes directory…
A little bit off topic:
You also need to watch external data sources, like feeds from other sites.