Title: Threat Scan Plugin
Author: Keith P. Graham
Published: <strong>2010년 4월 9일</strong>
Last modified: 2024년 7월 14일

---

플러그인 검색

![](https://ps.w.org/threat-scan-plugin/assets/banner-772x250.jpg?rev=644748)

이 플러그인은 **최근 3개의 주요 워드프레스 출시와 시험 되지 않았습니다**. 워드프레스의
좀 더 최근 버전으로 이용할 때 더 이상 관리되지 않고 지원되지 않고 호환성 문제가 
있을 수 있습니다.

![](https://s.w.org/plugins/geopattern-icon/threat-scan-plugin_81927c.svg)

# Threat Scan Plugin

 작성자: [Keith P. Graham](https://profiles.wordpress.org/kpgraham/)

[다운로드](https://downloads.wordpress.org/plugin/threat-scan-plugin.1.4.zip)

 * [세부사항](https://ko.wordpress.org/plugins/threat-scan-plugin/#description)
 * [평가](https://ko.wordpress.org/plugins/threat-scan-plugin/#reviews)
 *  [설치](https://ko.wordpress.org/plugins/threat-scan-plugin/#installation)
 * [개발](https://ko.wordpress.org/plugins/threat-scan-plugin/#developers)

 [지원](https://wordpress.org/support/plugin/threat-scan-plugin/)

## 설명

This is a very simple threat scan that looks for things out of place in the content
directory as well as the database.

It searches PHP files for the occurrence of the eval() function, which, although
a valuable part of PHP is also the door that hackers use in order to infect systems.
The eval() function is avoided by many programmers unless there is a real need. 
It is sometimes used by hackers to hide their malicious code or to inject future
threats into infected systems. If you find a theme or a plugin that uses the eval()
function it is safer to delete it and ask the author to provide a new version that
does not use this function.

When you scan your system you undoubtedly see the eval used in javascript because
it is used in the javascript AJAX and JSON functionality. The appearance of eval
in these cases does not mean that there is a possible threat. It just means that
you should inspect the code to make sure that it is in a javascript section and 
not native PHP.

The plugin continues its scan by checking the database tables for javascript or 
html where it should not be found.

Normally, javascript is common in the post body, but if the script tag is found 
in a title or a text field where it does not belong it is probably because the script
is hiding something, such as a hidden admin user, so that the normal administration
pages do not show bad records. The scan looks for this and displays the table and
record number where it believes there is something hinky.

The scan continues looking in the database for certain html in places where it does
not belong. Recent threats have been putting html into fields in the options table
so that users will be sent to malicious sites. The presence of html in options values
is suspect and should be checked.

The options table will have things placed there by plugins so it is difficult to
tell if scripts, iframes, and other html tags are a threat. They will be reported,
but they should be checked before deleting the entries.

This plugin is just a simple scan and does not try to fix any problems. It will 
show things that may not be threats, but should be checked. If anything shows up
you should try to repair the damage or hire someone to do it. I am not a security
expert, but a programmer who discovered these types of things in a friend’s blog.
After many hours of checking I was able to fix the problem, but a professional could
have done it faster and easier, although they would have charged for it.

You probably do not have a backup to your blog, so if this scan shows you are clean;
your next step is to install one of the plugins that does regular backups of your
system. Next make sure you have the latest WordPress version.

If you think you have problems, the first thing to do is change your user id and
password. Next make a backup of the infected system. Any repairs to WordPress might
delete important data so you might lose posts, and the backup will help you recover
missing posts.

The next step is to install the latest version of WordPress. The new versions usually
have fixes for older threats.

You may want to export your WordPress posts, make a new clean installation of WordPress,
and then import the old posts.

If this doesn’t work it is time to get a pro involved.

A clean scan does not mean you are safe. Please do Backups and keep your installation
up to date!

### Support

This plugin is in active development. All feedback is welcome.
 If this plugin helps
you, you might support my programming by buying one of my books: https://linktr.
ee/keithpgraham

## 설치

 1. Download the plugin.
 2. Upload the plugin to your wp-content/plugins directory.
 3. Activate the plugin.
 4. There are no options. Clicking on the Settings link will perform the scan.

## 후기

이 플러그인에 대한 평가가 없습니다.

## 기여자 & 개발자

“Threat Scan Plugin”(은)는 오픈 소스 소프트웨어입니다. 다음의 사람들이 이 플러그인에
기여하였습니다.

기여자

 *   [ Keith P. Graham ](https://profiles.wordpress.org/kpgraham/)
 *   [ keith graham ](https://profiles.wordpress.org/keith-graham/)

[자국어로 “Threat Scan Plugin”(을)를 번역하세요.](https://translate.wordpress.org/projects/wp-plugins/threat-scan-plugin)

### 개발에 관심이 있으십니까?

[코드 탐색하기](https://plugins.trac.wordpress.org/browser/threat-scan-plugin/)는,
[SVN 저장소](https://plugins.svn.wordpress.org/threat-scan-plugin/)를 확인하시거나,
[개발 기록](https://plugins.trac.wordpress.org/log/threat-scan-plugin/)을 [RSS](https://plugins.trac.wordpress.org/log/threat-scan-plugin/?limit=100&mode=stop_on_copy&format=rss)
로 구독하세요.

## 변경이력

#### 1.3

 * Updated for newer versions of WordPress 5.7.1 and PHP

#### 1.2

 * Updated for newer versions of WordPress 5.4.1 and PHP

#### 1.1

 * Updated for newer versions of WordPress and PHP

#### 1.0

 * Added more detailed information
 * Confirmed compatibility with WordPress 3.5

#### 0.9

 * Fix small errors and compatibility with WordPress 3.0

#### 0.8

 * First test release

## 기초

 *  버전 **1.4**
 *  최근 업데이트: **2년 전**
 *  활성화된 설치 **400+**
 *  워드프레스 버전 ** 3.0 또는 그 이상 **
 *  다음까지 시험됨: **6.6.5**
 *  언어
 * [English (US)](https://wordpress.org/plugins/threat-scan-plugin/)
 * 태그:
 * [hacked](https://ko.wordpress.org/plugins/tags/hacked/)[scan](https://ko.wordpress.org/plugins/tags/scan/)
   [Threats](https://ko.wordpress.org/plugins/tags/threats/)[virus](https://ko.wordpress.org/plugins/tags/virus/)
 *  [고급 보기](https://ko.wordpress.org/plugins/threat-scan-plugin/advanced/)

## 평점

 별 5점 만점에 5점.

 *  [  1/5-별점 후기     ](https://wordpress.org/support/plugin/threat-scan-plugin/reviews/?filter=5)
 *  [  0/4-별점 후기     ](https://wordpress.org/support/plugin/threat-scan-plugin/reviews/?filter=4)
 *  [  0/3-별점 후기     ](https://wordpress.org/support/plugin/threat-scan-plugin/reviews/?filter=3)
 *  [  0/2-별점 후기     ](https://wordpress.org/support/plugin/threat-scan-plugin/reviews/?filter=2)
 *  [  0/1-별점 후기     ](https://wordpress.org/support/plugin/threat-scan-plugin/reviews/?filter=1)

[Your review](https://wordpress.org/support/plugin/threat-scan-plugin/reviews/#new-post)

[모든  리뷰 보기](https://wordpress.org/support/plugin/threat-scan-plugin/reviews/)

## 기여자

 *   [ Keith P. Graham ](https://profiles.wordpress.org/kpgraham/)
 *   [ keith graham ](https://profiles.wordpress.org/keith-graham/)

## 지원

할 말 있으신가요? 도움이 필요하신가요?

 [지원 포럼 보기](https://wordpress.org/support/plugin/threat-scan-plugin/)

## 기부

이 플러그인이 발전하도록 도우시겠습니까?

 [ 이 플러그인에 기부하기 ](https://www.kpgraham.com)