malCure WordPress Malware Removal Plugin Cheatsheet

MalCure WordPress plugin comes with some serious powers under the hood. With such tremendous feature-set and agility it’s only reasonable that you take a minute to read what’s available and how to use it. Here’s the information you need to get started with it.

Malcure WP CLI Integration

malCure integrates excellently with WP CLI and comes in handy on broken WordPress installs or in case where the website is disabled by the webhost or even large sites where the web-interface could take exceptionally long or simply terminate because of the website firewall etc. Here are some commands to get you started.

Documentation valid as of malCure malware Removal v 4.0

Basic Malcure WP CLI Commands

Show malCure command-line help.

wp malcure help

Show WordPress system information.

wp malcure info

List hidden files and directories.

wp malcure hidden

Getting ready to scan with Malcure WP CLI

Register malcure for free to get definition updates.

wp malcure register --mc-email=myemail@example.com --mc-fname="Firstname" --mc-lname="Lastname"

Update definitions. Please run the previous command first. Definition updates are only available to registered users.

wp malcure sync

Managing License & premium features

Display license status. If no license key is provided, attempts to use the saved one.

wp malcure status licensekeyhere

Activate malCure with premium features.

wp malcure activate licensekeyhere

Deactivate your license key. If no license key is provided, attempts to deactivate the saved one.

wp malcure deactivate licensekeyhere

malCure scan from WP CLI

Before you scan it’s strongly recommended that you register the install for free and update the definitions. Without definitions malCure can only check file integrity for WordPress core files and plugins installed from the repository.

Start malware scan.

wp malcure scan

Set how many files to scan per batch. Default is 50.

wp malcure scan --mcbatchsize=100

Don’t show suspicious files. Shows suspicious files by default. Equivalent to the “paranoia” mode in the web GUI.

wp malcure scan --mcsuspicious=false

Skip all directories with the name mu-plugins and backups

wp malcure scan --mcskipdirs="mu-plugins,backups"

Show status of each file.

wp malcure scan --mcdebug=true

Match for custom regex pattern in files. (Files with correct checksum are never match against any signatures).

wp malcure scan --mcregex="/find_.*_me/is"

Match for custom regex pattern in files. The following example queries the database for all posts, post_meta, options table for %script% sql query and matches the string href=malware

wp malcure scan --mcdbquery="%script%" --mcdbregex="/href=\/malware/"

Extra Command That Come In Handy

Save scan output to a log file. Requires the expect package

unbuffer wp malcure scan |& tee rootedts.log

Download file to local directory over ssh

scp your_username@example.com:foobar.txt /local/dir