is it possible to check for malware infections using WP-CLI only?

This topic is empty.

Viewing 8 posts - 1 through 8 (of 8 total)

Author

Posts
12 Nov, 2024 at 7:08 am #41646

Daniel
Guest

Sorry if this is not your focus, I’m looking into using CLI tools for checking if any malware infections and the only think I found is checksum tools for WP CLI and the Ubuntu packages are not very good for WordPress.

12 Nov, 2024 at 7:08 am #41647

Russell
Guest

checksum tools, you mean like this?

How to Run a Quick Security Check Using WP-CLI

12 Nov, 2024 at 7:11 am #41648

Sarah
Guest

For WordPress Core:

wp core verify-checksums --version=$(wp core version)

For Plugins:

wp plugin verify-checksums --all

13 Nov, 2024 at 5:34 am #41653

Linda
Guest

I never knew about this, very useful 👍🏻

14 Nov, 2024 at 9:43 am #41656

Carl
Guest

it would be nice to have something like the Wordfence malware library but only via CLI, the plugin is so bloated

29 Dec, 2024 at 11:25 am #42255

Scott
Guest

tldr, not really… it’s more like just checking for file integrity.

29 Dec, 2024 at 11:26 am #42256

Maria
Guest

I suggest any WordPress site owner have remote backups in place, and not from Updraft or random backups plugins (which can also get infected) but from an actual remote service over SSH/SFTP like CodeGuard:

CodeGuard

19 Jan, 2025 at 10:13 am #42455

Brittany
Guest

Malware is way more complicated than most people realize. It is constantly changing and evolving, every single day. Therefore, detecting it must also be changing always, which is a nearly impossible task and never 100% possible. The best you can do especially for WordPress is often “best guess” when the file checksums are not correct, core files are missing or altered, things like that. Or calls to remote servers are detected within the code, but again that is very subjective.

tl;dr relying on malware detection or security plugins is a crapshoot.
Author

Posts