WordPress Malware Removal

Wordpress Malware

Jump to: navigation, search

Clean and test paying client websites: • If site found infected, should be checked in billing.

• If it belongs to a client who has a security package, then move forward. Otherwise scan the website and open a ticket to the client.

• Check the site with our api scanner first: http:4goodhosting.com/scan/sucuri.html • Go through the shown infections, if any. • Do a maldet scan, maldet –a /home/username/public_html

• Next login to the Wordpress Security Portal: http:4ghblogs.com/security0102/wp-login.php

• Check all updates required in this portal. If updates are shown, apply those pending updates.

• Next login to our Kali Linux portal through ssh: 64.69.89.12 Port 3233

• Run wpscan: wpscan –url oshawacyclingclub.org

• There are many options for wpscan, for checking plugins and themes.

• There is enough debug information related to wordpress and its components, which can be used to diagnose the fault/infection/vulnerabilities and its cause.

• Wpscan can be run for more detailed information on the site in questions.

• Nikto is another tool which can be used to find vulnerabilities. You can use it like nikto -host oshawacyclingclub.org

• This will give you even more insight into the site in question.

• You will need to search online for all the vulnerabilities presented by these tools. This will in turn show you what actually is vulnerable on the website and causing malware infections.

• In the end, make sure the site is clean and test it well. All pages and links are to be tested along with the login page for admin.

WPSCAN Usage

Enumerating Plugins

To enumerate plugins, all we need to do is launch wpscan with the –enumerate p arguments like so.

wpscan –url http(s):www.yoursiteurl.com –enumerate p or to only display vulnerable plugins: wpscan –url http(s): www.yoursiteurl.com –enumerate vp