
How to Clean a Hacked WordPress Site

Nowadays it’s very common for WordPress sites to get hacked, and web hosts often have to go through the scanning process themselves, as things get worst when a compromised account starts sending spam email. I had to go through a similar process & I had ~100 accounts which were badly compromised, so instead of doing it manually, I spent a few hours & created a nice bash script for it.

You can find that bash script at: https://github.com/saadismail/wp-clean/

Usage:
You’ll need to download that bash script to your server:

Then give the script executable permissions:

What the script will do:

  • First, it’ll replace all of the core files with fresh ones downloaded from the WordPress repository. Core files include everything except wp-config.php & wp-content (you should also check wp-config.php in case an exploit has been put there).
  • Then it’ll remove all files except index.php under the sub-directories of the wp-content folder.
  • Then it’ll try to download all plugins & replace them with fresh ones. Here comes the tricky part. The script will first check whether that plugin’s zip has been placed under the /tmp/infectwp/plugins/ directory (this can be helpful if the plugin is a custom/paid plugin). If it doesn’t find it there, it’ll try to download it from the WordPress repository, and if that is unsuccessful, it’ll finally write an error to /tmp/infectwp/log/$cpanel_username.txt.
  • Then it’ll check wp-content/uploads & its sub-directories for any PHP files. It’ll only check & output them, but won’t delete anything, to be on the safe side.
  • Now it’ll read your wp-config.php file, get the database credentials, grab all current users from your database & ask which of those users’ passwords you want to reset. You’ll have to type the ID of that user & press Enter.
  • Then it’ll run a MySQL query & let you know the currently active WordPress theme, & then it’ll tell you the password it was reset to.
  • Now it’ll ask if you want to replace the theme package with a fresh one too; simply reply with “1” if you want to (recommended).
  • Then it’ll ask for a direct link (wgettable) to that theme archive; the archive must be tar.gz/zip/tar. If it is able to download the theme successfully, it’ll remove all of the WordPress themes & extract the archive you just gave it.
  • Finally, it’ll fix the permissions according to cPanel’s standard.
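
The uploads check from the list above, written as an added example (not code from wp-clean): it lists and hashes PHP-executable files under wp-content/uploads without deleting anything. The function names, the extensions beyond .php, and the use of GNU sha256sum are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not part of wp-clean. Report-only: nothing is deleted or changed.
# Assumptions: function names, the extension list, GNU coreutils (sha256sum).
# Usage (example path): hash_php_in_uploads /home/USER/public_html

# Run find over <wp_root>/wp-content/uploads, matching files a web server may
# hand to PHP. Any extra arguments are appended as the find action.
php_find() {
    _uploads="$1/wp-content/uploads"; shift
    [ -d "$_uploads" ] || { echo "no uploads directory: $_uploads" >&2; return 2; }
    find "$_uploads" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
        -o -iname '*.phtml' -o -iname '*.phar' \) "$@"
}

# One path per line, sorted, for a quick manual review.
list_php_in_uploads() {
    php_find "$1" -print | sort
}

# "sha256  path" per hit, sorted by path, to keep as an incident record
# before anyone decides what to delete.
hash_php_in_uploads() {
    php_find "$1" -exec sha256sum -- {} + | sort -k2
}

# Number of hits. Emits one byte per file, so odd filenames cannot skew it.
count_php_in_uploads() {
    php_find "$1" -exec printf '.' ';' | wc -c | tr -d ' '
}

# For many accounts: one WordPress root per argument; prints "count<TAB>root"
# only for installs that have at least one hit.
summarise_installs() {
    for _root in "$@"; do
        _n=$(count_php_in_uploads "$_root" 2>/dev/null)
        [ "$_n" -gt 0 ] && printf '%s\t%s\n' "$_n" "$_root"
    done
    return 0
}
```

A legitimate uploads directory normally holds media only, so every hit deserves a manual look before removal.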


Note:
You should only run this script if you’re familiar with the CLI & know what this script will do. Feel free to modify it as per your needs; this script is posted under the GNU General Public License.
