SAK4WP – Swiss Army Knife for WordPress
Swiss Army Knife for WordPress is a standalone tool which allows you to perform some recovery operations on your WordPress site.
This tool is intended to be used for a short time only and then removed in order to prevent security issues.
The tool records the current IP address and browser info and will not work with from any other IP or browser.
Upload !sak4wp.php in the folder where your WordPress installation is.
Then open your browser and navigate to http://yoursite.com/!sak4wp.php
Note: The file name is intentionally prefixed by an exclamation mark (!) to make sure the file appears first in the list of files, even above .htaccess.
That way you should be able to see it in case you forget the file.
- Dashboard – Shows some description about the app.
Built-in Self Destroy mechanism (must be user triggered) -> the script will try to remove itself.
If that is not accessible (due to permissions issues). The user must delete the !sak4wp.php file manually
(e.g. by using an FTP client or accessing the file from a control panel).
- When data is shown in tables the currently viewed row is nicely highlited.
- Shows User and Server’s IP
- Easy to Use
Limit Login Attempts related features
- Allows you to Unblock yourself or somebody else from Limit Login Attempts plugin
- Added a link to a whois service to see more info about the blocked IP.
- It shows WordPress site stats e.g. number of posts, pages, users, attachments, revisions etc. Numbers are nicely formatted.
- Db version info, db config details parsed from wp-config.php
- Shows if you are running an older or the latest WordPress version. Links to update and to the latest wp are provided.
- Shows site’s disk space usage (du -sh linux only)
- Shows total server’s disk usage with nice coloring on the total disk size, usage and free space (df -h linux only)
- Shows top processes (top -b -n 1 linux only)
- Shows free memory (free -m linux only)
- Lists top 15 larger files (linux only)
- Shows phpinfo
- Showing wp base dir.
- Detect if wp caching is enabled
- Check if caching is in within WP base dir.
- Showing load average
- Using Orbisius_WP_SAK_Util::m() to output some simple error messages
List Page Templates
- This module allows you to see which page templates are use by your pages.
- This module allows you to protect WordPress admin area by creating an .htaccess and .htpasswd files.
- Protects wp-login.php too
- User and Passwords can be auto-generated
- TODO: check a list of sites if they have successfully protected their wp-admin folder
- TODO: cookie remember pwd?
TODO: Update .htaccess files
Note: This will stop affect WordPress registrations because WP uses wp-login.php for registrations.
You can overcome that if you use a plugin that handles the registrations without relying on wp-login.php file.
- offer zip archive
- prefill db account on db dump screen
This module searches for local WordPress installations (linux only). It starts from a specified folder and shows the found WordPress installations and their versions.
Useful if you manage multiple WordPress sites and want to make sure all of them are running the latest WordPress version.
It also allows you to find old/forgotten WordPress installations. If the version cannot be detected it will show 0.0.0
The versions that are older will be shown in red, the up-to-date ones will be shown in green.
This module allows you to manage plugins: bulk download, install, and activate plugins. TODO: (de)activate, delete.
Just enter the plugin’s WordPress.org page or a zip file location (web) and the plugin will be downloaded and extracted into wp-content/plugins directory.
The plugin will show which links are skipped and if they were successfully extracted. The file size of the downloaded file is shown.
The plugin directory where the download plugin will be extract is shown. Warning: If the plugin already exists its files will be overridden!
SAK4WP checks the remote file size before downloading the file. Plugins files larger than the limit (10MB) will be not be downloaded.
Temporary files from the download are deleted later so they don’t take too much space in the TMP folder which should be cleaned on reboot anyways.
Plugin list can be retrieved from a text or HTML file.
This module allows you to see user account, user meta info, to log in as a user without knowing their password. TODO: Create, delete users.
Administrators accounts are highlighted.
This module allows you to run SAK4WP more securely. The first time you access SAK4WP, it will save your IP and browser info.
If somebody else accesses the file from a different IP or browser, he/she will be stopped.
The module doesn’t require any…