
WordPress sites get hacked all the time these days, and web hosts often have to run the scanning process themselves, because things are at their worst when a compromised account starts sending spam email. I had to go through the same process with ~100 badly compromised accounts, so instead of doing it manually I spent a few hours and wrote a bash script for it.
You can find that bash script at: https://github.com/saadismail/wp-clean/
Usage:
You’ll need to download the bash script to your server:

    wget https://raw.githubusercontent.com/saadismail/wp-clean/master/wp-clean.sh

Then give the script executable permissions:

    chmod +x wp-clean.sh

Then run it, passing the cPanel username:

    ./wp-clean.sh $cpanel_username
What the script will do:
- First it’ll replace all core files with fresh ones downloaded from the WordPress repository. Core files means everything except wp-config.php & wp-content (you should also check wp-config.php yourself in case an exploit has been put there).
- Then it’ll remove all files except index.php under the sub-directories of the wp-content folder.
- Then it’ll try to download all plugins & replace them with fresh ones. Here comes the tricky part. The script first checks whether the plugin’s zip has been placed under the /tmp/infectwp/plugins/ directory (helpful if the plugin is a custom/paid one). If it doesn’t find it there, it’ll try to download it from the WordPress repository, and if that is unsuccessful too it’ll log an error to /tmp/infectwp/log/$cpanel_username.txt.
- Then it’ll check wp-content/uploads & its sub-directories for any PHP files. It only checks & outputs them and won’t delete anything, to be on the safe side.
- Now it’ll read your wp-config.php file, get the database credentials, grab all current users from your database & ask which user’s password you want to reset. You’ll have to type the ID of that user & press enter.
- Then it’ll run a MySQL query & let you know the currently active WordPress theme, & then it’ll tell you the password it was reset to.
- Now it’ll ask if you want to replace the theme package with a fresh one too; simply reply with “1” if you want to (recommended).
- Then it’ll ask for a direct (wget-able) link to the theme archive; the archive must be tar.gz/zip/tar. If it’s able to download the theme successfully, it’ll remove all WordPress themes & extract the archive you just gave it.
- Finally it’ll fix the permissions according to cPanel’s standard.
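The report-only uploads check from the list above, as an added example that is not taken from wp-clean.sh. It goes slightly beyond the step as described by also matching upper-case and alternate PHP extensions; the function names, the extension list and the sample tree are assumptions, and whether .phtml or .phar actually execute depends on the server's PHP handler configuration.

```bash
#!/usr/bin/env bash
# Added example (not from wp-clean.sh): report-only scan of wp-content/uploads.
# Function names and the extension list are assumptions made for illustration.

# List files under <wp_root>/wp-content/uploads whose extension a PHP handler
# commonly executes. Read-only: nothing is deleted or changed.
scan_uploads() {
    local uploads="$1/wp-content/uploads"
    if [ ! -d "$uploads" ]; then
        echo "no uploads directory at $uploads" >&2
        return 2
    fi
    # -iname is case-insensitive, so thumb.PHP matches as well as thumb.php
    find "$uploads" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
        -o -iname '*.phtml' -o -iname '*.phar' \) -print | sort
}

# Number of suspicious files, for use in a per-account summary line.
count_uploads_php() {
    scan_uploads "$1" | wc -l | tr -d ' '
}

# Constructed sample tree: two legitimate uploads and three planted PHP files.
make_sample_tree() {
    local root
    root=$(mktemp -d) || return 1
    mkdir -p "$root/wp-content/uploads/2016/05" "$root/wp-content/plugins/demo"
    : > "$root/wp-content/uploads/2016/05/photo.jpg"
    : > "$root/wp-content/uploads/2016/05/report.pdf"
    : > "$root/wp-content/uploads/2016/05/cache.php"
    : > "$root/wp-content/uploads/2016/thumb 1.PHP"
    : > "$root/wp-content/uploads/old.phtml"
    : > "$root/wp-content/plugins/demo/demo.php"   # outside uploads: ignored
    echo "$root"
}

# With a path argument, scan that install; without one, scan the sample tree.
if [ -n "${1:-}" ]; then
    scan_uploads "$1"
else
    sample=$(make_sample_tree)
    scan_uploads "$sample"
    rm -rf "$sample"
fi
```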
Note:
You should only run this script if you’re familiar with the CLI & know what the script will do. Feel free to modify it as per your needs; the script is released under the GNU General Public License.
