BlogSafe Scanner Help

Contents

Frequently Asked Questions

Full Scan

When a full scan is run, BlogSafe Scanner contacts the WordPress website and downloads checksums for the official WordPress install files as well as any plugins you have installed.  Because there are currently no official checksums listed for themes, BlogSafe Scanner temporarily downloads any themes you have installed from the official WordPress website and creates checksums for those.  It essentially compares your WordPress install, official plugins and official themes to known good checksums.

Quick Scan

The quick scan can only be run once a full scan has been completed. The quick scan locates all of the executable script files on your server (.cgi, .php, .js, etc.) and creates a checksum for each of them. It then compares each checksum against the one recorded the last time a scan was run and looks for differences. It also locates new files that have been uploaded to your server. Because the quick scan only looks at files with the greatest potential to cause harm, and because it does not download official checksums, it's not as thorough and may produce different results compared to a full scan. But it's much faster.

When a new or modified file is detected, you have the option of updating or ignoring the file. Updating the file tells BlogSafe Scanner that you are aware of the modification, but that it should alert you if the file is modified again in the future. By ignoring a file, you're telling BlogSafe Scanner that you never want to be alerted when that file is modified.

Yes. BlogSafe Scanner compares the WordPress version installed on your server with the version it found the last time it was run. If your copy of WordPress has been updated, BlogSafe Scanner forces a full scan and will download the latest checksums from the official WordPress site.

BlogSafe Scanner also detects the addition of plugins and themes as well as changes in their version numbers when they are updated.  Again, if a change is detected, BlogSafe Scanner forces a full scan and will update the checksums for those plugins and themes.

Because no single source exists for checksums for premium plugins or themes, BlogSafe Scanner is not able to detect if the files have been modified from the author's originals. However, BlogSafe Scanner does record the checksum of these files when it scans them. From that point on, if they are ever modified, BlogSafe Scanner will alert you to those changes.

This also means that when you download a new version of a premium plugin or theme, BlogSafe Scanner will detect all of those files as having been modified. In that case, you simply check the 'update' box for all of the new plugin or theme files and click the 'Submit Manual Update' button.

When BlogSafe Scanner detects a modified file, it alerts you in one of two ways, either with a yellow "Modified" or a red "Modified Official File".

Modified

When a file is simply listed as modified, it means that it's not an official WordPress core file and it's not part of a plugin or theme that's available for download from the official WordPress site. It also means that its contents have changed since the last time you ran BlogSafe Scanner. While BlogSafe Scanner alerts you to ANY modified file, you should be particularly suspicious of modified files that are capable of being executed (.cgi, .php, .js, etc.).

Modified Official File

This alert indicates that the file comes from the official WordPress site and that the checksum of the file on your server does not match the one provided by WordPress. Unless you're aware of the modifications to this file, you should be particularly suspicious of it, especially if it's an executable file (.cgi, .php, .js, etc.).

Simple answer: Yes and No.

Checksum scanners like BlogSafe Scanner make their comparisons based on the initial checksum of the files they examine. In the case of files supplied by WordPress.org, the initial checksum is known by WordPress, and BlogSafe Scanner retrieves those checksums and compares them to the ones on your server. So, in the case of official files, it can detect those that have been modified from their original.

Other files on your server, like premium plugins and themes, have their initial state calculated when BlogSafe Scanner first runs. That means that if they're already infected, BlogSafe Scanner won't detect them as suspicious. It will, however, alert you should they be modified in the future.

BlogSafe Scanner also detects and alerts you to any new files that have been uploaded to your server.  While it will not detect if they are malicious, it will alert you that they are suspicious.
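The comparison logic described above (official checksums, a recorded baseline for everything else, and the 'update' and 'ignore' choices) can be sketched as follows. This is an added example, not BlogSafe Scanner's own code; SHA-256, the function names and the sample file tree are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

SCRIPT_EXTS = {".php", ".js", ".cgi"}  # script types the page singles out

def digest(data):
    return hashlib.sha256(data).hexdigest()  # SHA-256 is assumed here

def scan(root, official, baseline=None, ignored=frozenset()):
    """Return (findings, checksums seen). baseline=None models the first run."""
    findings, seen = {}, {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in SCRIPT_EXTS:
            continue
        rel = path.relative_to(root).as_posix()
        seen[rel] = digest(path.read_bytes())
        if rel in ignored:
            continue  # "ignore": never alert on this file
        if rel in official:
            if seen[rel] != official[rel]:
                findings[rel] = "Modified Official File"
        elif baseline is not None:  # first run trusts unofficial files as found
            if rel not in baseline:
                findings[rel] = "New"
            elif seen[rel] != baseline[rel]:
                findings[rel] = "Modified"
    return findings, seen

def write(root, rel, body):
    target = Path(root) / rel
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(body)

def demo():
    """Constructed WordPress-like tree; every name and file body is made up."""
    core, premium = "wp-login.php", "wp-content/plugins/premium/main.php"
    new = "wp-content/uploads/new.php"
    official = {core: digest(b"<?php // core\n")}
    with tempfile.TemporaryDirectory() as root:
        write(root, core, b"<?php // core\n")
        write(root, premium, b"<?php // tampered before the first scan\n")
        first, baseline = scan(root, official)  # blind spot: nothing flagged
        write(root, core, b"<?php // core, edited\n")
        write(root, premium, b"<?php // changed again\n")
        write(root, new, b"<?php // unexpected upload\n")
        second, latest = scan(root, official, baseline)
        baseline[premium] = latest[premium]  # "update": accept this change
        third, _ = scan(root, official, baseline, ignored={new})
    return first, second, third
```

The first scan returns no findings even though the premium file was already altered, which is the limitation described above for files without an official checksum.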

Your website's hosting environment plays a huge role in how fast BlogSafe Scanner can perform scans. As a point of comparison, we tested BlogSafe Scanner in a shared hosting environment, where it was able to perform full scans of 11,059 files in 7.62 sec. and quick scans in 3.28 sec.

Yes!  However, it should only be activated on the parent site.

BlogSafe.org maintains a database of over 87,000 plugins and 21,000 themes. It checks weekly to see when a plugin was last updated. If it hasn't been updated in over a year, BlogSafe Scanner will alert you that the plugin or theme may be abandoned.

BlogSafe.org creates a mirror of the U.S. NIST National Vulnerability Database that's specific to WordPress.  If a plugin or theme is on your server and it's listed in the NIST database, BlogSafe Scanner will alert you to this threat.  From there, you should check for any updates to this theme or plugin or remove it from your WordPress install.

  1. Attempting to delete the free version of BlogSafe Scanner while the Plus version is active will produce an error. Temporary workaround:
    1. Deactivate both versions of BlogSafe Scanner.
    2. Delete the free version.
    3. Activate the Plus version.