I’m a huge fan of the scorched earth clean up for WordPress. By which I mean when I clean up WP, I rip it out, scrub it, and reinstall. This scares the heck out of people sometimes, and if you’re doing it in a GUI, yeah, it can be sucky and time consuming. Me? I do it in 5-10 minutes, depending on if my cat wants to be petted.
I’ve been asked ‘How do you do it that fast?’ so here are my steps for cleaning up WP, with the following assumptions:
- I’m working in the folder where WP is installed
- wp-config.php is in this folder
- WP is in ‘root’ (i.e. I’m not giving WP its own folder)
If any of those aren’t true for you, adjust the folder locations in the commands:
wget -P ../ https://wordpress.org/latest.zip
unzip -qq -d ../ ../latest.zip
wp db export
Pause. Here I’m using WP CLI, which makes my life way easier. If you’re not, you’ll need something like this:
mysqldump --opt --user=username --password=password --host=yourMySQLHostname dbname > domain_com.sql
Zip up the files I want to back up:
zip -r ../domain.zip *.sql wp-config.php .htaccess wp-content/
Set glob. Glob is scary, I know, but read about glob before you dismiss it (if you’re on korn, you can usually skip this):
shopt -s extglob
rm -rf !(wp-config.php|wp-content)
Pause. At this point, it’s probably wise to consider that my hack may be in my theme and/or plugin. If so, I want to nuke them and JUST keep my uploaded files, so I use this instead…
rm -rf !(wp-config.php|wp-content) wp-content/!(uploads|blogs.dir)
Pause again. No matter what, I want to scan for evil files, but this way I do it over a much smaller group of files. Either way, though, I do want to scan the folder for evil, because leaving behind hacks in themes and plugins is really common. It’s also a good idea to delete every plugin and theme you don’t use. Since you really can’t delete all themes but one on a Multisite, this gets harder. Generally I don’t delete the themes automatically, but instead go in and nuke them one at a time, so I run this…
rm -rf !(wp-config.php|wp-content) wp-content/!(uploads|blogs.dir|themes|mu-plugins)
Now we can move on, knowing our personal files are clean.
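One way to do the scan for evil files over what the rm commands above leave behind, as an added example that is not part of the original post: it lists PHP files under uploads and blogs.dir, where only media belongs, and greps the kept themes and mu-plugins for a few common obfuscation idioms. The function names and the pattern list are assumptions made for this example, and the sample tree is constructed.

```shell
#!/usr/bin/env bash
# Added example: scan what the clean-up keeps. Run from the WP root, or pass it.
# The patterns are assumptions picked for this example, not a full signature set.

# Uploads should hold media only, so any PHP-ish file there is suspect.
find_php_in_uploads() {
    local root="$1" d
    for d in "$root/wp-content/uploads" "$root/wp-content/blogs.dir"; do
        if [ -d "$d" ]; then
            find "$d" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
                -o -iname '*.phtml' -o -iname '*.phar' \) -print
        fi
    done
}

# Kept code: flag eval/assert fed by decoders or raw request data.
find_obfuscated_code() {
    local root="$1" d
    local re='(eval|assert)[[:space:]]*\([[:space:]]*(base64_decode|gzinflate|gzuncompress|str_rot13|\$_(POST|GET|REQUEST|COOKIE))'
    for d in "$root/wp-content/themes" "$root/wp-content/mu-plugins"; do
        if [ -d "$d" ]; then
            grep -rlE --include='*.php' "$re" "$d" || true
        fi
    done
}

# Prints every hit once; returns 1 if anything was found, 0 if clean.
scan_kept_dirs() {
    local root="${1:-.}" hits
    hits=$( { find_php_in_uploads "$root"; find_obfuscated_code "$root"; } | sort -u )
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
}

# Constructed sample tree (not from a real site) to try the scan on.
make_demo_tree() {
    local t; t=$(mktemp -d)
    mkdir -p "$t/wp-content/uploads/2014/05" "$t/wp-content/themes/mytheme"
    printf 'fake image\n' > "$t/wp-content/uploads/2014/05/cat.jpg"
    printf '<?php /* dropped */\n' > "$t/wp-content/uploads/2014/05/cache.php"
    printf '<?php get_header(); ?>\n' > "$t/wp-content/themes/mytheme/index.php"
    printf '<?php eval(base64_decode("ZWNobyAxOw==")); ?>\n' > "$t/wp-content/themes/mytheme/footer.php"
    printf '%s\n' "$t"
}

# Demo: bash scan.sh --demo
if [ "${1:-}" = "--demo" ]; then scan_kept_dirs "$(make_demo_tree)"; fi
```

A clean result only means none of these patterns matched; anything it does list is a file to open and read before copying WordPress back.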
Copy it back:
cp -r ../wordpress/* .
Clean it up:
rm -rf ../wordpress ../latest.zip
And now you’re done! When you want to reinstall plugins and themes, I do it via wp-cli because it’s faster:
wp plugin install NAME
and
wp theme install NAME
Then I activate as needed and I’m off to the races. If I deleted my mu-plugins, I copy those back from my backup zip, one at a time, checking each file for hacks.
The best thing about this is you can apply the logic to any CMS out there. Just know what you have to delete and keep. The downside? It doesn’t touch your database. Rarely is this an issue for me, except in the case of the Pharma hack. I’ve not had a DB infected yet.
Do you have a solid methodology for cleaning it up?