MalCure WordPress plugin comes with some serious powers under the hood. With such tremendous feature-set and agility it’s only reasonable that you take a minute to read what’s available and how to use it. Here’s the information you need to get started with it.
Table of Contents
Malcure WP CLI Integration
Malcure Advanced Edition integrates excellently with WP CLI and comes in handy on broken WordPress installs or in case where the website is disabled by the webhost or even large sites where the web-interface could take exceptionally long or simply terminate because of the website firewall etc. Here are some commands to get you started.
Documentation valid as of Malcure Malware Scanner v 9.1
Basic Malcure Malware Scanner WP CLI Commands
Show Malcure command-line help.
wp malcure help
Show WordPress system information.
wp malcure info
List hidden files and directories.
wp malcure hidden
Getting ready to scan with Malcure WP CLI
Register Malcure Malware Scanner for free to get definition updates.
wp malcure register --mc-email=myemail@example.com --mc-fname="Firstname" --mc-lname="Lastname"
Update definitions. Please run the previous command first. Definition updates are only available to registered users.
wp malcure sync
Managing License & premium features
Display license status. If no license key is provided, attempts to use the saved one.
wp malcure status licensekeyhere
Activate Malcure with premium features.
wp malcure activate licensekeyhere
Deactivate your license key. If no license key is provided, attempts to deactivate the saved one.
wp malcure deactivate licensekeyhere
Malcure scan from WP CLI
Before you scan it’s strongly recommended that you register the install for free and update the definitions. Without definitions Malcure can only check file integrity for WordPress core files and plugins installed from the repository.
Start malware scan.
wp malcure scan
Set how many files to scan per batch. Default is 50.
wp malcure scan --mcbatchsize=100
Don’t show suspicious files. Shows suspicious files by default. Equivalent to the “paranoia” mode in the web GUI.
wp malcure scan --mcsuspicious=false
Skip all directories with the name mu-plugins and backups
wp malcure scan --mcskipdirs="mu-plugins,backups"
Show status of each file.
wp malcure scan --mcdebug=true
Match for custom regex pattern in files. (Files with correct checksum are never match against any signatures).
wp malcure scan --mcregex="/find_.*_me/is"
Match for custom regex pattern in files. The following example queries the database for all posts, post_meta, options table for %script% sql query and matches the string href=malware
wp malcure scan --mcdbquery="%script%" --mcdbregex="/href=\/malware/"
Extra Commands That Come In Handy
Save scan output to a log file. Requires the expect package
unbuffer wp malcure scan |& tee rootedts.log
Download file to local directory over ssh
scp your_username@example.com:foobar.txt /local/dir
Summary
Malcure malware scanner is a free toolset for WordPress malware removal. It is a robust WordPress plugin which detects infections, security threats and vulnerabilities. Malcure Advanced Edition is a pro version of the plugin with the following premium features:
- Single click repair, clean and whitelisting of files.
- Real-time malware definition updates.
- WP CLI support for scanning via command line.
- Use custom definitions and patterns to scan for new virus strains.
- Skip / Scan specific files and directories to save time.
- Automatic periodic scan via WP CLI
Note: WP CLI support is available in Malcure Advanced Edition only. Upgrade Malcure Malware Scanner to pro version to detect and remove malware like a pro!