Security prompt

Here you will get two prompts:

Here is a highly detailed, professional prompt you can copy and paste into your AI tool.

Because AI models have a limit on how much text they can read at one time (context window), do not paste the entire theme at once. Instead, open your core files (like functions.php, header.php, footer.php, or any suspicious file) in your code editor, copy the text inside, and paste it right below this prompt.

Here is the AI security prompt to use:

Act as an Elite Cybersecurity Analyst and Senior WordPress Core Developer specializing in malware forensics and reverse-engineering. 

I am building a WordPress e-commerce store and am auditing a theme file locally to ensure absolute data security and privacy. I need you to perform a high-sensitivity, line-by-line deep code review of the PHP script pasted below. 

Your mission is to find any hidden backdoors, malicious exploits, privacy leaks, or structural anomalies that an automated signature scanner might miss.

Please audit the code specifically for the following red flags:
1. Obfuscated or Scrambled Code: Use of `eval()`, `base64_decode()`, `gzinflate()`, `str_rot13()`, or complex variable variables designed to hide text.
2. Unauthorized Remote Communications: Any `wp_remote_get()`, `curl`, `file_get_contents()`, or stream functions attempting to pull external scripts or send site/customer data to an external server or unrecognized IP address.
3. Unauthorized Privilege Escalation: Code that attempts to hook into `wp_head`, `admin_init`, or database actions to silently create hidden Administrator accounts or modify user capabilities.
4. Database/SEO Injection: Code trying to inject hidden spam links, modify the `.htaccess` file, or corrupt the database.
5. Common WordPress Malware Strains: Hidden remnants of common injections like `wp_vcd`, conditional logic targeting search engine bots, or mobile device redirects.

---

OUTPUT FORMAT REQUIREMENTS:
Please present your findings in a clear, scannable, and highly structured format using the following layout:

### 1. OVERALL RISK RATING
[State clearly: CLEAN, SUSPICIOUS, or MALICIOUS, along with a 1-10 severity score].

### 2. ARCHITECTURAL BREAKDOWN
[Give a brief 2-3 sentence overview of what this file is legitimately supposed to do in plain English].

### 3. LINE-BY-LINE / BLOCK ANALYSIS
Break down the code by specific line numbers or functional blocks. For every suspicious or complex line, provide:
* **Line Number/Code Snippet:** 
* **What it actually executes:** (Explain the technical behavior in plain English)
* **Risk Assessment:** (Why it is safe, or why it poses a threat to an e-commerce site)

### 4. IMMEDIATE ACTION ITEMS
[Provide clear, step-by-step instructions on whether I should keep this code, delete specific lines, or completely discard the file].

---
Here is the code to analyze:

[PASTE YOUR CODE HERE]


Here is a comprehensive master prompt designed to guide an AI through a multi-step, complete folder audit.

Since an AI cannot directly look at your local computer folders all at once, this prompt trains the AI to act as an automated command center. It will tell you exactly which file to paste next, analyze it, save the state, and move to the next one until your entire critical theme directory is verified.

Copy and Paste this Master Full-Scan Prompt:

Act as an Elite Cybersecurity Specialist and WordPress Security Auditor. We are going to conduct a comprehensive, file-by-file structural security scan of a WordPress theme folder to ensure it contains no malware, backdoors, or data-leaking scripts.

Because I cannot upload the entire folder at once, we will do this as a structured, multi-step deep scan. You will maintain a running memory/log of all risks found across files.

---

### YOUR AUDIT MANIFESTO (What you are hunting for):
1. Obfuscation: `eval()`, `base64_decode()`, `gzinflate()`, hex-encoded characters, or packed scripts.
2. Web Shells & Backdoors: Code allowing remote execution, unauthorized API callouts (`wp_remote_get`, `curl`), or unrecognized file generation.
3. Access Injections: Scripts that hook into user creation actions to silently drop hidden Admin users.
4. SEO/Redirect Exploits: Hidden links, modification scripts for `.htaccess`, or conditional logic that serves spam to search engine crawlers.

---

### STEP-BY-STEP PROTOCOL:

1. INITIALIZATION: Acknowledge this prompt by giving me a list of the TOP 5 most critical files in a WordPress theme folder that we must scan first (e.g., functions.php, header.php, etc.). Do not audit anything yet; just list the target files and state that you are ready for File #1.

2. INTERACTIVE ANALYSIS CYCLE: 
   * I will paste the code of a file and tell you its name (e.g., "File 1: functions.php").
   * You will thoroughly read it, perform a high-sensitivity analysis, and output a concise report for that file using the layout below.
   * Crucial: At the end of your response, explicitly tell me which file I should open and paste next to continue the full folder audit.

---

### THE REQUIRED PER-FILE REPORT FORMAT:

## 📂 FILE AUDIT: [Insert File Name]
* **Current File Status:** [CLEAN / SUSPICIOUS / MALICIOUS]
* **Threat Severity:** [0/10 to 10/10]

### 🔍 DANGEROUS/SUSPICIOUS LINES FOUND:
* **Line/Snippet:** `[Insert code snippet]`
  * **What it does:** [Plain English explanation of its function]
  * **Verdict:** [Why it is malicious or why it is a false alarm]
*(If no dangerous lines are found, state: "No malicious patterns or structural anomalies detected in this file.")*

### 📋 NEXT STEP:
"[State clearly: 'File [Name] analyzed successfully. Please paste the contents of [Next Recommended File Name] to continue the full-scan sequence.']"

---

If you understand this full-scan security protocol and are ready to systematically audit this theme folder file-by-file, respond with your top 5 target files list and ask me for File #1.

🛠️ How to use this for your full scan:

  1. Paste the prompt above into your AI tool.

  2. The AI will respond, setting up the "security scanner" environment and asking for the first file.

  3. Open your theme folder, open the first file it asks for, copy everything, and paste it.

  4. Repeat this cycle file-by-file. This keeps the AI working through every critical file of the theme systematically, one at a time, without getting confused or skipping lines.
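The red-flag checklists in both prompts above (items 1-5 of the first prompt and items 1-4 of the audit manifesto) can also be pre-checked locally, so you know which lines to look at before anything is pasted into an AI tool. The following Python script is an added example, not code from the original post or from any WordPress project: it runs a per-line pattern scan over theme source, scores each file on the prompts' 0-10 severity scale, keeps a running log across files the way the second prompt does, and includes two constructed sample inputs (an ordinary functions.php and one seeded with the indicator patterns). The rule names, weights, verdict thresholds and sample contents are assumptions of this example.

```python
"""Local pre-scan for the red flags listed in the prompts above.
Added example: rules, weights, thresholds and samples are assumptions of this
script, not part of the original post or of WordPress itself."""
import re
from collections import namedtuple
from dataclasses import dataclass, field

# (rule name, regex applied to each line, weight added to the file's 0-10 score)
RULES = [
    ("obfuscation: eval()", re.compile(r"\beval\s*\("), 4),
    ("obfuscation: base64_decode()", re.compile(r"\bbase64_decode\s*\("), 3),
    ("obfuscation: gzinflate()/gzuncompress()", re.compile(r"\b(gzinflate|gzuncompress|gzdecode)\s*\("), 3),
    ("obfuscation: str_rot13()", re.compile(r"\bstr_rot13\s*\("), 2),
    ("obfuscation: variable variable ($$)", re.compile(r"\$\$[A-Za-z_]"), 2),
    ("obfuscation: hex-escaped string", re.compile(r"(\\x[0-9A-Fa-f]{2}){6,}"), 3),
    ("remote: wp_remote_get()/post()", re.compile(r"\bwp_remote_(get|post|request)\s*\("), 2),
    ("remote: curl", re.compile(r"\bcurl_(init|exec)\s*\("), 2),
    ("remote: file_get_contents() on a URL", re.compile(r"\bfile_get_contents\s*\(\s*['\"]https?://"), 3),
    ("privilege: user creation", re.compile(r"\b(wp_create_user|wp_insert_user)\s*\("), 3),
    ("privilege: administrator role grant", re.compile(r"(set_role|add_role)\s*\(\s*['\"]administrator['\"]"), 4),
    ("injection: .htaccess access", re.compile(r"\.htaccess"), 2),
    ("known strain: wp_vcd / wp_tmp", re.compile(r"wp[_-]vcd|wp_tmp", re.IGNORECASE), 5),
    ("cloaking: search-engine bot check", re.compile(r"HTTP_USER_AGENT.*(googlebot|bingbot|yandex)", re.IGNORECASE), 3),
]
Finding = namedtuple("Finding", "line_no rule snippet weight")

@dataclass
class FileReport:
    name: str
    findings: list = field(default_factory=list)

    @property
    def score(self) -> int:
        # Capped at 10 so a dense file still fits the prompts' severity scale.
        return min(10, sum(f.weight for f in self.findings))

    @property
    def status(self) -> str:
        # Thresholds are an assumption: a lone base64_decode() (3) stays SUSPICIOUS
        # because themes use it legitimately; eval()+base64_decode() (7) is MALICIOUS.
        if self.score == 0:
            return "CLEAN"
        return "MALICIOUS" if self.score >= 6 else "SUSPICIOUS"

def scan_source(name: str, source: str) -> FileReport:
    """Apply every rule to every line; keep line numbers so hits can be pasted into the prompt."""
    report = FileReport(name)
    for line_no, line in enumerate(source.splitlines(), start=1):
        for rule, pattern, weight in RULES:
            if pattern.search(line):
                report.findings.append(Finding(line_no, rule, line.strip()[:80], weight))
    return report

class AuditLog:
    """Running memory across files, like the log the second prompt asks the AI to keep."""
    def __init__(self) -> None:
        self.reports = []

    def add(self, report: FileReport) -> FileReport:
        self.reports.append(report)
        return report

    def worst_status(self) -> str:
        order = {"CLEAN": 0, "SUSPICIOUS": 1, "MALICIOUS": 2}
        return max((r.status for r in self.reports), key=order.get, default="CLEAN")

def format_report(report: FileReport) -> str:
    """Render one file in the per-file layout the prompts require."""
    lines = [f"FILE AUDIT: {report.name}",
             f"  Status: {report.status}   Severity: {report.score}/10"]
    if not report.findings:
        lines.append("  No malicious patterns or structural anomalies detected in this file.")
    for f in report.findings:
        lines.append(f"  L{f.line_no} [{f.rule}] {f.snippet}")
    return "\n".join(lines)

# Constructed sample: an ordinary theme functions.php that should come back CLEAN.
CLEAN_SAMPLE = """<?php
function shop_theme_styles() {
    wp_enqueue_style('shop-theme', get_stylesheet_uri());
}
add_action('wp_enqueue_scripts', 'shop_theme_styles');
"""

# Constructed sample seeded with the checklist indicators; all values are placeholders
# (the base64 payload decodes to the word PLACEHOLDER).
SUSPICIOUS_SAMPLE = """<?php
add_action('admin_init', function () {
    $uid = wp_create_user('PLACEHOLDER_USER', 'PLACEHOLDER_PW', 'x@example.invalid');
    (new WP_User($uid))->set_role('administrator');
});
if (strpos($_SERVER['HTTP_USER_AGENT'], 'Googlebot') !== false) {
    echo '<a href="https://example.invalid/">hidden link</a>';
}
eval(base64_decode('UExBQ0VIT0xERVI='));
"""

if __name__ == "__main__":
    log = AuditLog()
    for name, src in (("header.php", CLEAN_SAMPLE), ("functions.php", SUSPICIOUS_SAMPLE)):
        print(format_report(log.add(scan_source(name, src))))
    print(f"Overall folder status: {log.worst_status()}")
```

Treat the output as triage, not a verdict: a hit is a line worth pasting into the prompt with its line number, and `base64_decode()` or `wp_remote_get()` on their own are common in legitimate themes, which is why single low-weight hits stay at SUSPICIOUS. To run it over a real theme folder, read each `.php` file and pass its contents to `scan_source()` with the same `AuditLog`, so `worst_status()` reflects the whole directory.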