I suspect that an ex-employee, who had ftp and backend access to our WordPress site, created and installed an API to allow smartphone access to our database. How can I detect queries being made to the database and see what is requesting them?
Thanks
Asked
Active
Viewed 74 times
1 Answers
0
If you want to log all MySQL (just a guess) queries you can go with the solution in this post: Log all queries in mysql
But it should be mentioned that this is not wise for a production site.
Besides, if you really expect that he could have altered the installation with malicious code you should either reinstall a fresh wordpress and transfer all data or at least validate the code files against a fresh wordpress installation to check for altered code. Basically this is the same as for a potentially penetrated system, restart at a backup point that you trust or with a fresh copy.
-
You say "validate files against a fresh wordpress installation." Is there something that will compare two wordpress installations and report the differences? – Steve Feb 06 '17 at 16:07
-
On Linux a simple way to compare two directories would be: `diff --brief -r dir1/ dir2/`. Since the wp-content directory will contain a lot of custom data you have to do some manual work to check that. Maybe compare it with an old backup. – Finn Feb 06 '17 at 19:27