Malware Cleanup
Malware is one of the most common issues with WordPress sites, mainly due to plugins which are not updated or simply bad user practices. Recommended approach to cleanup:
This guide assumes that WP-CLI is available.
Step 1: Search
Check the maldet logs to see whether any detections were made:
cat /usr/local/maldetect/logs/event_log | grep hits
Then grep for the signatures that were found:
grep -r -e 'exp' --include='*.php' .
Step 2: Reset WordPress
Change directory to the WordPress install directory. In most cases the best way to start is to check whether the core files are infected and replace them if required:
# Check if checksums are ok
wp core verify-checksums --allow-root
Before changing any files, get the WordPress version so you know which version needs to be downloaded.
# Get WordPress version
cat wp-includes/version.php | grep wp_version
Then remove the core files
rm -rf wp-admin ; rm -rf wp-includes
rm -rf {SITEUID}
# Reinstall WordPress (set {VERSION} to the version found above)
wp core download --force --skip-content --version={VERSION} --allow-root
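The Step 2 commands above combined into one script, as an added example that is not part of the original guide. The function names and the site-path argument are this example's own; it uses WP-CLI's global --path flag and leaves the {SITEUID} removal out.

```shell
#!/bin/sh
# Added example: function names and the path argument are this example's own.

# Print the version string recorded in <root>/wp-includes/version.php.
wp_version_from_file() {
    awk -F"'" '/^\$wp_version[ \t]*=/ { print $2; exit }' \
        "$1/wp-includes/version.php"
}

# Replace the core files of the install at $1 with a clean copy of the
# same version, but only when the checksum verification fails.
reset_core() {
    root=$1
    [ -f "$root/wp-includes/version.php" ] || {
        echo "no WordPress core found in: $root" >&2; return 2; }

    # Read the version BEFORE deleting anything; version.php goes away too.
    version=$(wp_version_from_file "$root")
    case $version in
        ''|*[!0-9A-Za-z.-]*)
            echo "unexpected version string: '$version'" >&2; return 3 ;;
    esac

    if wp core verify-checksums --path="$root" --allow-root >/dev/null 2>&1
    then
        echo "core files match the official checksums ($version)"
        return 0
    fi

    rm -rf "$root/wp-admin" "$root/wp-includes"
    wp core download --force --skip-content --version="$version" \
        --path="$root" --allow-root || return 4

    # The fresh copy must verify; a failure here means something is still off.
    wp core verify-checksums --path="$root" --allow-root
}

# Usage: sh reset-core.sh /path/to/site
if [ $# -eq 1 ]; then
    reset_core "$1"
fi
```

Only wp-admin and wp-includes are replaced; wp-content and wp-config.php are left as they are.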
Step 3: Scan with third-party plugin
As a third step we will use Wordfence to do a final scan to find files which we might have missed.