This month the public launch of our 100% free WordPress security tool – WP Fingerprint. Pop the champagne, shout from the rooftops, tweet with wild abandon, or at the very least take 30 seconds to go and install this plugin right now. You’ll be glad you did.
WP Fingerprint started life as one of the custom built, integrated security tools we use on our WordPress Hosting platform. From the feedback and success of this particular feature, we decided it was important to open up access to the greater WordPress community. Even WordPress websites not hosted at 34SP.com can now take advantage of this extra layer of security, and again, completely for free.
So what exactly is WP Fingerprint?
As you might know, WordPress is the most popular open source CMS on the planet. By most estimations a third of the entire web runs WordPress. This makes for an exceptionally big target for hackers to aim at and one of the main vectors of attack against WordPress is plugins. WP Fingerprint works to identify if the plugins on your website have been exploited. If they have, the plugin will let you know to take action ASAP and if we’re your host, *waves*, we’re more than happy to help and advise.
How does it work?
When files on your website change, WP Fingerprint uses checksums to verify if these files are authentic. The WP Fingerprint plugin on your WordPress website examines each of your plugins and creates a SHA-1 checksum for each file within any plugin folder it finds. It also compiles some other basic information about the plugins such as version number.
That information is then relayed back to the WP Fingerprint servers. The WP Fingerprint servers have a large database of plugins (and their versions) we’ve seen in the wild, along with the checksums for each file. We compare the two checksums and let you know what we find. If the checksums match, you have the trusted plugin installed on your website. If the checksums do not match, you might have an exploited file on your website.
If we’ve not yet encountered the plugin (or specific version) you are using, WP Fingerprint spins up a special instance of WordPress on our servers and downloads the plugin you are using from the WordPress repository, exactly as you would do on your own website. We can then validate and store the correct checksum.
WP Fingerprint is now available in the WordPress plugin repository, completely free. It has a very minimal resource overhead and adds an invaluable extra layer of security to your site in seconds. If you use our WordPress Hosting platform, WP Fingerprint is now installed as a must use plugin separate from the other tools we provide – we really think it’s that important.
If you’re not using it, we really think you should do so right away. You can find it in the WordPress plugin repository here: https://wordpress.org/plugins/wp-fingerprint/