MalCure WordPress plugin comes with some serious powers under the hood. With such tremendous feature-set and agility it’s only reasonable that you take a minute to read what’s available and how to use it. Here’s the information you need to get started with it.
Malcure WP CLI Integration
malCure integrates excellently with WP CLI and comes in handy on broken WordPress installs or in case where the website is disabled by the webhost or even large sites where the web-interface could take exceptionally long or simply terminate because of the website firewall etc. Here are some commands to get you started.
Documentation valid as of malCure malware Removal v 4.0
Basic Malcure WP CLI Commands
Show malCure command-line help.
wp malcure help
Show WordPress system information.
wp malcure info
List hidden files and directories.
wp malcure hidden
Getting ready to scan with Malcure WP CLI
Register malcure for free to get definition updates.
wp malcure register --firstname.lastname@example.org --mc-fname="Firstname" --mc-lname="Lastname"
Update definitions. Please run the previous command first. Definition updates are only available to registered users.
wp malcure sync
Managing License & premium features
Display license status. If no license key is provided, attempts to use the saved one.
wp malcure status licensekeyhere
Activate malCure with premium features.
wp malcure activate licensekeyhere
Deactivate your license key. If no license key is provided, attempts to deactivate the saved one.
wp malcure deactivate licensekeyhere
malCure scan from WP CLI
Before you scan it’s strongly recommended that you register the install for free and update the definitions. Without definitions malCure can only check file integrity for WordPress core files and plugins installed from the repository.
Start malware scan.
wp malcure scan
Set how many files to scan per batch. Default is 50.
wp malcure scan --mcbatchsize=100
Don’t show suspicious files. Shows suspicious files by default. Equivalent to the “paranoia” mode in the web GUI.
wp malcure scan --mcsuspicious=false
Skip all directories with the name mu-plugins and
wp malcure scan --mcskipdirs="mu-plugins,backups"
Show status of each file.
wp malcure scan --mcdebug=true
Match for custom regex pattern in files. (Files with correct checksum are never match against any signatures).
wp malcure scan --mcregex="/find_.*_me/is"
Match for custom regex pattern in files. The following example queries the database for all posts, post_meta, options table for
%script% sql query and matches the string
wp malcure scan --mcdbquery="%script%" --mcdbregex="/href=\/malware/"
Extra Command That Come In Handy
Save scan output to a log file. Requires the
unbuffer wp malcure scan |& tee rootedts.log
Download file to local directory over ssh
scp email@example.com:foobar.txt /local/dir