One of the key features of Malcure Advanced Edition is that you can use it to scan very large WordPress installs from the Linux shell using WP-CLI. This makes for an extremely robust solution: you can schedule scans to run periodically and customise the reporting to suit your needs.
To get this going, you need to be familiar with bash scripting as well as cron, the Linux facility for scheduling tasks.
Since this functionality is only provided by Malcure Advanced Edition, you need to make sure that you have a licensed version of the plugin active on the site. If not, please refer to the malware removal plugin cheatsheet.
The key commands to deploy the plugin, in the order they must be run, are:
wp plugin install wp-malware-removal --activate
wp malcure activate <insert your license key here>
Finally, the following command initiates the scan:
wp malcure scan_alt
In order to put everything together, here’s a bash script which you can customize and schedule to run periodically via cron:
#!/bin/sh
wp plugin install wp-malware-removal --activate --path=/path/to/wordpress/installation/
wp malcure activate <insert your license key here> --path=/path/to/wordpress/installation/
wp malcure scan_alt --path=/path/to/wordpress/installation/
If the name of the script is malware-scanner.sh, you can call it like so:
./malware-scanner.sh 2>&1 | tee scan-$(date +%s).log
The above command initiates the scan, shows its progress on the screen and also logs it to a file named scan-<timestamp>.log.
If you just want a one-off run, you can do this from the WordPress installation directory:
wp malcure scan_alt 2>&1 | tee scan-$(date +%s).log
If you view the contents of the log file, depending on the scan results, they will look like this:
cat install-1654014611.log
||**********************************************************************||
███╗   ███╗ █████╗ ██╗      ██████╗██╗   ██╗██████╗ ███████╗
████╗ ████║██╔══██╗██║     ██╔════╝██║   ██║██╔══██╗██╔════╝
██╔████╔██║███████║██║     ██║     ██║   ██║██████╔╝█████╗
██║╚██╔╝██║██╔══██║██║     ██║     ██║   ██║██╔══██╗██╔══╝
██║ ╚═╝ ██║██║  ██║███████╗╚██████╗╚██████╔╝██║  ██║███████╗
╚═╝     ╚═╝╚═╝  ╚═╝╚══════╝ ╚═════╝ ╚═════╝ ╚═╝  ╚═╝╚══════╝
||*********************** © Copyright 2020 MalCure ********************||
||*********************** Author — ********************||
||*********************** Shiv / author@plugin.com ********************||
New Definition Updates Are Available.
INSTALLED: YpD94M
LATEST: vnCV5M
Please enable definition-auto-updates in settings to auto-update definitions.
Files To Scan: 16812
Batch-Size: 50
DATABASE SCAN RESULTS
SEVERE hW5G4L Found database infection(s) in Post id 1. post-type → post. Threat Level → severe.
SEVERE hW5G4L Found database infection(s) in Post id 107856. post-type → revision. Threat Level → severe.
SEVERE hW5G4L Found database infection(s) in Post id 107857. post-type → revision. Threat Level → severe.
SEVERE hW5G4L Found database infection(s) in Post id 107860. post-type → revision. Threat Level → severe.
FILE SCAN RESULTS
HIGH d0BG6L /wordpress/public_html/.htaccess
SEVERE ZOA6CL /wordpress/public_html/up.php
SEVERE hnKB8L /wordpress/public_html/wp-classes.php
SUSPICIOUS unknown /wordpress/public_html/wp-admin/unknown.php
Success: Malcure Scan Completed in 34 mins!
These commands are a mere pointer for sysadmins who manage hosting/deployment and must be used at one’s own risk.
With some customization you can also email the logs, maintain their archives or enable automatic alerts in case an infection is found.
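One way to do the alerting and archiving mentioned above, as an added example that is not part of the original page or of the Malcure plugin: the script reads a finished scan log, prints a report only when the log contains SEVERE or HIGH findings or lacks the completion line, then compresses the log. The script name scan-report.sh, the function names and the choice of which levels trigger an alert are assumptions, and the result-line layout is taken from the sample log above.

```shell
#!/bin/sh
# Added example, not Malcure code. Assumes result lines look like the sample
# log above: "<LEVEL> <definition id> <details>", with no colour codes.

# Print how many result lines in log file $1 carry threat level $2.
count_level() {
    awk -v lvl="$2" '$1 == lvl { n++ } END { print n + 0 }' "$1"
}

# Succeed when log $1 needs attention: SEVERE or HIGH findings (SUSPICIOUS
# alone does not alert, an assumption), or no completion line (scan died).
needs_alert() {
    [ "$(count_level "$1" SEVERE)" -gt 0 ] && return 0
    [ "$(count_level "$1" HIGH)" -gt 0 ] && return 0
    grep -q '^Success: Malcure Scan Completed' "$1" || return 0
    return 1
}

# Print a short report for log $1: per-level counts, then the findings.
report() {
    for lvl in SEVERE HIGH SUSPICIOUS; do
        echo "$lvl: $(count_level "$1" "$lvl")"
    done
    awk '$1 ~ /^(SEVERE|HIGH|SUSPICIOUS)$/' "$1"
}

# Constructed sample: a few lines taken from the log shown above.
write_sample_log() {
    cat > "$1" <<'EOF'
Files To Scan: 16812
DATABASE SCAN RESULTS
SEVERE hW5G4L Found database infection(s) in Post id 1. post-type → post. Threat Level → severe.
FILE SCAN RESULTS
HIGH d0BG6L /wordpress/public_html/.htaccess
SEVERE ZOA6CL /wordpress/public_html/up.php
SUSPICIOUS unknown /wordpress/public_html/wp-admin/unknown.php
Success: Malcure Scan Completed in 34 mins!
EOF
}

# Usage: ./scan-report.sh scan-<timestamp>.log
# Prints only when attention is needed, then compresses the log for the archive.
if [ "$#" -ge 1 ]; then
    if needs_alert "$1"; then
        echo "Malcure scan needs attention: $1"
        report "$1"
    fi
    gzip -f "$1"
fi
```

When this runs from cron after the scan, cron mails any output of the job to the MAILTO address, so a clean scan stays silent and an infected or incomplete one produces an email.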