WordPress Malware Scanner

A command-line malware scanner for WordPress installations on Ubuntu-based servers. It combines ClamAV, Linux Malware Detect (LMD), rkhunter, and custom PHP pattern scanning.

---

📦 Features

• Deep scan for known PHP malware patterns
• Integration with ClamAV + LMD
• Rootkit detection
• Custom scan reports and log files
• Safe update and quarantine practices

---

🚀 Installation

1. Script Location

We recommend placing the script in:

/usr/local/bin/wp-malware-scan.sh

This ensures it's executable from anywhere on your server via terminal.

---

🛠️ Steps to Store and Use

# Step 1: Copy the script
sudo cp wp-malware-scan.sh /usr/local/bin/wp-malware-scan.sh

# Step 2: Make it executable
sudo chmod +x /usr/local/bin/wp-malware-scan.sh

# Step 3: Run the script
sudo wp-malware-scan.sh

---

⚙️ Configuration

You can optionally define a config file to point to your WordPress installation path:

sudo cp config/wp-malware-scan.conf.sample /etc/wp-malware-scan.conf

Then edit it:

sudo nano /etc/wp-malware-scan.conf

Example contents:

# Absolute path to your WordPress installation
WP_PATH="/var/www/html"

If this file is missing, the script will default to /var/www/html.

---

📂 Output

• Suspicious PHP patterns:

  ~/suspicious_php.txt
  

• LMD malware reports:

  /usr/local/maldetect/events/
  

• Logs and future output locations:

  • logs/ (empty now, for cronjob or future logs)
  • reports/ (custom location for structured findings)

---

📋 License

MIT