Malcure WP CLI Integration & Cheatsheet

malcure malware removal documentation

MalCure WordPress plugin comes with some serious powers under the hood. With such tremendous feature-set and agility it’s only reasonable that you take a minute to read what’s available and how to use it. Here’s the information you need to get started with it.

Malcure WP CLI Integration

Malcure Advanced Edition integrates excellently with WP CLI and comes in handy on broken WordPress installs or in case where the website is disabled by the webhost or even large sites where the web-interface could take exceptionally long or simply terminate because of the website firewall etc. Here are some commands to get you started.

Documentation valid as of Malcure Malware Scanner v 9.1

Basic Malcure Malware Scanner WP CLI Commands

Show Malcure command-line help.

wp malcure help

Show WordPress system information.

wp malcure info

List hidden files and directories.

wp malcure hidden

Getting ready to scan with Malcure WP CLI

Register Malcure Malware Scanner for free to get definition updates.

wp malcure register --mc-fname="Firstname" --mc-lname="Lastname"

Update definitions. Please run the previous command first. Definition updates are only available to registered users.

wp malcure sync

Managing License & premium features

Display license status. If no license key is provided, attempts to use the saved one.

wp malcure status licensekeyhere

Activate Malcure with premium features.

wp malcure activate licensekeyhere

Deactivate your license key. If no license key is provided, attempts to deactivate the saved one.

wp malcure deactivate licensekeyhere

Malcure scan from WP CLI

Before you scan it’s strongly recommended that you register the install for free and update the definitions. Without definitions Malcure can only check file integrity for WordPress core files and plugins installed from the repository.

Start malware scan.

wp malcure scan

Set how many files to scan per batch. Default is 50.

wp malcure scan --mcbatchsize=100

Don’t show suspicious files. Shows suspicious files by default. Equivalent to the “paranoia” mode in the web GUI.

wp malcure scan --mcsuspicious=false

Skip all directories with the name mu-plugins and backups

wp malcure scan --mcskipdirs="mu-plugins,backups"

Show status of each file.

wp malcure scan --mcdebug=true

Match for custom regex pattern in files. (Files with correct checksum are never match against any signatures).

wp malcure scan --mcregex="/find_.*_me/is"

Match for custom regex pattern in files. The following example queries the database for all posts, post_meta, options table for %script% sql query and matches the string href=malware

wp malcure scan --mcdbquery="%script%" --mcdbregex="/href=\/malware/"

Extra Commands That Come In Handy

Save scan output to a log file. Requires the expect package

unbuffer wp malcure scan |& tee rootedts.log

Download file to local directory over ssh

scp /local/dir


Malcure malware scanner is a free toolset for WordPress malware removal. It is a robust WordPress plugin which detects infections, security threats and vulnerabilities. Malcure Advanced Edition is a pro version of the plugin with the following premium features:

  • Single click repair, clean and whitelisting of files.
  • Real-time malware definition updates.
  • WP CLI support for scanning via command line.
  • Use custom definitions and patterns to scan for new virus strains.
  • Skip / Scan specific files and directories to save time.
  • Automatic periodic scan via WP CLI

Note: WP CLI support is available in Malcure Advanced Edition only. Upgrade Malcure Malware Scanner to pro version to detect and remove malware like a pro!

This article is written by Evelyn Allison. Evelyn has over two decades of experience with the big-tech corporate giants. Starting in 2002 with consumer IT remote support, he transitioned into IT enterprise support and systems provisioning for Windows and Linux servers. Her prowess spans her expertise in network security, security audit and scripting-based-automation. Actively involved in web security since 2017, Evelyn has worked with various technologies to secure the web, leveraging tech like Nginx, modsecurity, reverse-proxies, developing web-application-firewalls, on-the-fly asset optimization using Google’s PageSpeed Module and more. Her expertise is reflected in the top-tier plugins and comprehensive consulting-services she offers in the domain of web-security.