---
title: "Step-by-Step guide to efficiently reinstalling infected WordPress Core using WP CLI"
date: 2020-02-04
author: "Shiv"
featured_image: "https://malcure.com/wp-content/uploads/2020/02/wordpress-manual-reinstall.jpg"
categories:
  - name: "Security"
    url: "/blog/security.md"
---

# Step-by-Step guide to efficiently reinstalling infected WordPress Core using WP CLI

![reinstall WordPress from command line](https://malcure.com/wp-content/uploads/2020/02/wordpress-manual-reinstall-1024x682.jpg "Reinstalling infected WordPress using WP CLI")

Let’s accept it, **malware cleanup** is a pain. Our time at Malcure Web Security is better spent researching new infections and building better products to keep our customers happy than cleaning up the same malware again and again. When malware issues break, most of the [malware removal](https://malcure.com/wordpress-malware-removal-service/) tickets are about the same infection… because some popular plugin (or theme) got hacked. You cannot simply get away with scanning for and deleting the infected files. You have to **repair the WordPress installation** to make sure the core is clean before cleaning the infected files.

So it’s time to automate what we can and focus our energy where it’s spent best. A typical manual WordPress install takes about 30 mins. If that sounds dumb then let me explain. WordPress’s famous 5 minute install doesn’t count the time it takes to upload WordPress files. If you count that in, you download, extract, upload, create a database… forgot the cPanel credentials? Look for them, you get the story.

For the sake of brevity, let’s define WordPress core as all the files that come in the default download of WordPress.

On hacked sites, **just reinstalling WordPress doesn’t fix issues**: a reinstall overwrites the core files, but any non-core files injected into the core directories aren’t overwritten and stay where they are. The idea is to delete the core folders and then go ahead with the reinstall. To [fix a hacked site](https://malcure.com/blog/security/10-steps-to-remove-malware-from-your-wordpress-site/), it’s very important that you **reinstall WordPress without losing data**.

Before you delete, make sure you have [WP CLI](https://wp-cli.org/) and the requisite permissions so that you can **reinstall WordPress from command line**.

WP-CLI (WordPress Command Line Interface) is a command-line tool specifically designed for WordPress. It allows developers and system administrators to [manage WordPress installations](https://malcure.com/blog/utilities/wp-cli-cheatsheet/) directly from the command line. With WP-CLI, you can perform many tasks that you’d typically do in the WordPress admin dashboard, but often more quickly and efficiently.

Do you have a backup? Cool.

## Steps for WordPress manual re-install

1. Change into the root of your WordPress install.
2. Delete wp-admin directory  
    `rm -rf wp-admin`
3. Delete wp-includes directory  
    `rm -rf wp-includes`
4. **Install WP Core with ‘wp core download’**   
    For this we are going to use the nifty WP-CLI command **wp core download**. **Note:** `wp core download --force` and `wp core update --force` don’t clean up (old) files (see [GitHub Issue #2183](https://github.com/wp-cli/wp-cli/issues/2183)), which is why the core directories are deleted first.
    
    ```
    wp core download --force --skip-content --locale=nl_NL --version=6.1.1
    ```
    
    The locale and version parameters are optional. The force directive forces overwriting of existing files.  
    If you want to do this over FTP the old-school way, you can download the archive locally, extract it and upload it to the server. The download is at: `https://downloads.wordpress.org/release/wordpress-<version>-no-content.zip`, e.g. `https://downloads.wordpress.org/release/wordpress-6.1.1-no-content.zip`

### Verify Checksums \[optional\]

```
wp core verify-checksums
```
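
The steps above as one script, added here as an example (it is not code from the original post): instead of `rm -rf` it moves `wp-admin` and `wp-includes` into a quarantine directory so injected files stay available for analysis, and after the checksum check it lists root-level PHP files that are not part of the core download. The function names and the quarantine path are assumptions.

```shell
#!/usr/bin/env bash
# Added example: quarantine core dirs, reinstall, verify, list stray root files.

# Root-level PHP files in the WordPress download, plus the site's own wp-config.php.
CORE_ROOT_FILES="index.php wp-activate.php wp-blog-header.php wp-comments-post.php \
wp-config-sample.php wp-config.php wp-cron.php wp-links-opml.php wp-load.php \
wp-login.php wp-mail.php wp-settings.php wp-signup.php wp-trackback.php xmlrpc.php"

# Refuse to act on a directory that does not look like a WordPress root.
is_wp_root() {
  [ -f "$1/wp-load.php" ] && [ -d "$1/wp-admin" ] && [ -d "$1/wp-includes" ]
}

# Move wp-admin and wp-includes into a fresh directory outside the web root.
quarantine_core() {
  local root="$1" dest="$2"
  is_wp_root "$root" || { echo "not a WordPress root: $root" >&2; return 1; }
  mkdir "$dest" || return 1          # fails if it already exists
  mv "$root/wp-admin" "$root/wp-includes" "$dest"/
}

# Print root-level .php files that are not part of the core download.
stray_root_php() {
  local root="$1" f name
  for f in "$root"/*.php; do
    [ -e "$f" ] || continue          # no .php files at all
    name="${f##*/}"
    case " $CORE_ROOT_FILES " in
      *" $name "*) ;;
      *) echo "$name" ;;
    esac
  done
}

# Steps 1-4 plus checksum verification; the version argument is optional.
reinstall_core() {
  local root="$1" quarantine="$2" version="${3:-}"
  quarantine_core "$root" "$quarantine" || return 1
  wp core download --path="$root" --force --skip-content \
    ${version:+--version="$version"} || return 1
  wp core verify-checksums --path="$root" || return 1
  stray_root_php "$root"
}

# Usage (constructed paths):
#   reinstall_core /var/www/example /var/quarantine/core-2020-02-04 6.1.1
```

Anything `stray_root_php` prints, and `wp-config.php` itself, is not replaced by the reinstall and needs a manual look.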

### Time to reinstall plugins: \[optional\]

[Reinstalling WordPress plugins with WP CLI](https://malcure.com/blog/security/batch-reinstalling-infected-wordpress-plugins-wp-cli/) is a breeze too. First create a list of plugins. You are specifically looking for the plugin slugs which are the same as the plugin’s installation folder name.

Try the following command to get the output in an easy to copy and modify format:

```
wp plugin list --status=active
```

This will output the active plugins (their files / directories), allowing you to copy-paste the list and then do a regex search-and-replace to build the commands to issue.

Note down the active plugins; you’ll need this list to activate them later. Delete the existing plugins.

Then for each plugin run the following command to install the plugin:

```
wp plugin install plugin-folder --force
```

In case you want to activate the plugin while installing, use the following format:

```
wp plugin install plugin-folder --force --activate
```

Save this somewhere. If you are into bash scripting you can automate the entire thing. For example here is a [bash script for reinstalling infected WordPress plugins using WP CLI](https://malcure.com/blog/security/batch-reinstalling-infected-wordpress-plugins-wp-cli/). Hash-bang-it!
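
One way to script the plugin steps, as an added example (not the linked Malcure script): each active plugin's directory is moved to a quarantine directory before `wp plugin install --force --activate`, and slugs that fail to install, such as plugins not hosted on wordpress.org, are returned for manual handling. The function name and paths are assumptions.

```shell
#!/usr/bin/env bash
# Added example: reinstall every active plugin from a fresh download.

# Prints the slugs that could not be reinstalled (empty output = all done).
reinstall_plugins() {
  local root="$1" quarantine="$2" plugins_dir slug failed=""
  plugins_dir="$(wp plugin path --path="$root")" || return 1
  mkdir "$quarantine" || return 1     # fresh directory outside the web root

  # Plugin slugs contain no whitespace, so word splitting is safe here.
  for slug in $(wp plugin list --path="$root" --status=active --field=name); do
    # Move the possibly infected copy aside so nothing injected survives.
    if [ -d "$plugins_dir/$slug" ]; then
      mv "$plugins_dir/$slug" "$quarantine"/ || return 1
    fi
    if ! wp plugin install "$slug" --path="$root" --force --activate >/dev/null; then
      failed="$failed $slug"
    fi
  done
  echo "${failed# }"
}

# Usage (constructed paths):
#   reinstall_plugins /var/www/example /var/quarantine/plugins-2020-02-04
```

A slug in the output is left uninstalled; restore it from the vendor's original package rather than from the quarantined copy.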