WP-CLI is the command-line interface for WordPress. You can update plugins, configure multisite installations and much more, without using a web browser. This tool need ssh access to server using it. More information for this tool found their homepage.
This tutorial we show how you can detect malware’s in WordPress installation.
WP-CLI Installation
Depend your server, but example cPanel server we can install it normal user home directory without root access:
[wordpress@localhost ~]$ pwd /home/wordpress
mkdir bin cd bin curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar mv wp-cli.phar wp chmod 755 wp
More installing info here.
Checking malware in WordPress installation directory
cd ~/public_html wp core verify-checksums
Sometimes there may some plugins which need skip to scan, so you can use this command:
wp core verify-checksums --skip-plugins
Here list files, that they not are original, so they may be modified and include malware:
Warning: File doesn't exist: index.php Warning: File doesn't exist: wp-config-sample.php Warning: File doesn't verify against checksum: wp-settings.php Warning: File doesn't verify against checksum: wp-includes/theme-compat/footer.php Warning: File doesn't verify against checksum: wp-includes/ID3/module.tag.id3v1.php Warning: File doesn't verify against checksum: wp-admin/includes/ms.php Warning: File doesn't verify against checksum: wp-admin/user-edit.php Warning: File doesn't verify against checksum: wp-admin/link.php Warning: File doesn't verify against checksum: wp-admin/install.php
Here are also files that should not exist, so we need look them manually also and check is there malware and then take action like delete files:
Warning: File should not exist: wp-admin/css/colors/blue/default.php Warning: File should not exist: wp-admin/css/colors/midnight/sq.php Warning: File should not exist: wp-admin/css/lsvdkpaw.php Warning: File should not exist: wp-admin/network/sq.php Warning: File should not exist: wp-admin/.htaccess Warning: File should not exist: wp-includes/js/jquery/ui/ienlfuel.php Warning: File should not exist: wp-includes/IXR/rebnghol.php Warning: File should not exist: wp-includes/capsyqjw.php Warning: File should not exist: wp-includes/bmF2aWdvaW5uaW5vcGV0dGFqYXQuZmk=.txt Warning: File should not exist: wp-includes/d3d3Lm5hdmlnb2lubmlub3BldHRhamF0LmZp.txt Warning: File should not exist: wp-includes/.htaccess Error: WordPress installation doesn't verify against checksums.
Here simple Guide to check files to detect malwares and remove them.
Final words
Always make your WordPress installation up to date, like core, plugins and theme files. If you are a server administrator, you may also use ModSecurity to get full protection to a web applications.