Malware Cleanup

Malware is one of the most common issues with Wordpress Sites , this is mainly due to plugins which are not updates or simply bad user practices.Recommended approach to cleanup -

This guide assumes that wp cli is availbile -

Step 1

Change directory to the WordPress install directory , In most cases the best way to start is check core files are infected and replace them if required -

# Check if checksums are ok 
wp core verify-checksums --allow-root

Before changing any files, please get the wordpress version to know which version needs to be downloaded.

# Get wordpress version
cat wp-includes/version.php | grep wp_version

Then remove the core files

rm -rf wp-admin ; rm -rf wp-includes
rm -rf {SITEUID}
# Reinstall Wordpress 
wp core download --force --skip-content --version= --allow-root

Step 3

As a third step we will use Wordfence to do a final scan to find files which we might have missed .