Added .php in uploads directory script

PDowney · PDowney · commit c0866989f33a · 2023-10-08T02:31:15.000-04:00
other minor changes.
diff --git a/scripts/functions/security/find-php-in-uploads.sh b/scripts/functions/security/find-php-in-uploads.sh
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+#----------------------------------------------------------------------------
+# EngineScript - A High-Performance WordPress Server Built on Ubuntu and Cloudflare
+#----------------------------------------------------------------------------
+# Website:      https://EngineScript.com
+# GitHub:       https://github.com/Enginescript/EngineScript
+# Company:      VisiStruct / EngineScript
+# License:      GPL v3.0
+# OS:           Ubuntu 22.04 (jammy)
+#----------------------------------------------------------------------------
+
+# EngineScript Variables
+source /usr/local/bin/enginescript/enginescript-variables.txt
+source /home/EngineScript/enginescript-install-options.txt
+
+# Check current user's ID. If user is not 0 (root), exit.
+if [ "${EUID}" != 0 ];
+  then
+    echo "${BOLD}ALERT:${NORMAL}"
+    echo "EngineScript should be executed as the root user."
+    exit
+fi
+
+#----------------------------------------------------------------------------
+# Start Main Script
+
+cd /var/www/sites
+printf "Please select the site you want to scan for issues\n"
+select d in *; do test -n "$d" && break; echo ">>> Invalid Selection"; done
+cd "$d"/html && echo "Locating .php files in the uploads directory. Scan may take a bit, standby for results."
+echo -e "\n\nThis could indicate a security issue and/or risk on your server.\nNot everything is dangerous, so research thoroughly before taking any action.\n\nFound the following .php files:"
+find ./wp-content/uploads -name "*.php"
+
+# Ask user to acknowledge that the scan has completed before moving on
+echo ""
+echo ""
+read -n 1 -s -r -p "Press any key to continue"
+echo ""
+echo ""
diff --git a/scripts/functions/security/wp-cli-doctor.sh b/scripts/functions/security/wp-cli-doctor.sh
diff --git a/scripts/menu/security-tools-menu.sh b/scripts/menu/security-tools-menu.sh
@@ -32,14 +32,18 @@ while true
     echo ""
     echo ""
     PS3='Please enter your choice: '
-    secoptions=("10up WP-CLI Vulnerability Scan" "PHP Malware Finder" "Wordfence CLI Malware Scan" "WP-CLI Doctor" "WPScan Vulnerability Scan" "Exit Security Tools")
+    secoptions=("10up WP-CLI Vulnerability Scan" "Find PHP Files in Uploads Directory" "PHP Malware Finder" "Wordfence CLI Malware Scan" "WP-CLI Doctor" "WPScan Vulnerability Scan" "Exit Security Tools")
     select secopt in "${secoptions[@]}"
     do
       case $secopt in
         "10up WP-CLI Vulnerability Scan")
           /usr/local/bin/enginescript/scripts/functions/security/10up-vuln-scanner.sh
           break
           ;;
+        "Find PHP Files in Uploads Directory")
+          /usr/local/bin/enginescript/scripts/functions/security/find-php-in-uploads.sh
+          break
+          ;;
         "PHP Malware Finder")
           /usr/local/bin/enginescript/scripts/functions/security/php-malware-finder.sh
           break
@@ -49,7 +53,7 @@ while true
           break
           ;;
         "WP-CLI Doctor")
-          /usr/local/bin/enginescript/scripts/functions/server-tools/wp-cli-doctor.sh
+          /usr/local/bin/enginescript/scripts/functions/security/wp-cli-doctor.sh
           break
           ;;
         "WPScan Vulnerability Scan")
diff --git a/var/www/wordpress/wp-config.php b/var/www/wordpress/wp-config.php
@@ -42,7 +42,7 @@
 //define( 'WP_REDIS_DISABLED', 'true' ); // Emergency disable method
 //define( 'WP_REDIS_IGBINARY', 'true' ); // Better compression. Saves memory, slower
 //define( 'WP_REDIS_IGNORED_GROUPS', 'PLACEHOLDER' );
-define( 'WP_REDIS_MAXTTL', '43200' ); // 43200 seconds = 12 Hours
+define( 'WP_REDIS_MAXTTL', '43200' ); // 43200 seconds = 12 hours
 //define( 'WP_REDIS_PASSWORD', 'PLACEHOLDER' );
 define( 'WP_REDIS_PATH', '/run/redis/redis-server.sock' );
 define( 'WP_REDIS_PREFIX', 'SEDREDISPREFIX' );
