A basic example of recursively scanning the /var/www directory for malware.
wordfence malware-scan /var/www
A basic example of recursively scanning the /var/www directory for malware and writing the results to /home/username/wordfence-cli-scan.csv.
wordfence malware-scan --output-format csv --output-path /home/username/wordfence-cli-scan.csv /var/www
Run Wordfence CLI in a daily cron job to scan /var/www and email the results to [email protected]. The results are also written to /home/username/wordfence-cli-scan.csv as the username user. This would be similar to how a scheduled scan works within the Wordfence plugin.
0 0 * * * username /usr/bin/flock -w 0 /tmp/wordfence-cli-scan.lock /usr/local/bin/wordfence malware-scan --output-format csv --output-path /home/username/wordfence-cli-scan.csv --email [email protected] /var/www > /var/log/wordfence/malware-scan.log 2>&1; /usr/bin/rm /tmp/wordfence-cli-scan.lock
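The cron job uses a lock file at /tmp/wordfence-cli-scan.lock to prevent duplicate scans from running at the same time. Any output and errors are logged to /var/log/wordfence/malware-scan.log. The username field after the schedule means this line is in the system crontab format (/etc/crontab or a file under /etc/cron.d), not a per-user crontab. The trailing rm runs even when flock could not acquire the lock, so it can remove the lock file while an earlier scan still holds it. Please update the paths from this example based on the system this is intended to run on.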
Find files under the directory /var/www/ that have changed in the last hour and scan them with Wordfence CLI:
find /var/www/ -cmin -60 -type f -print0 | wordfence malware-scan
We recommend that you use ctime over mtime and atime, as changing the ctime of a file requires root access to the file system. mtime and atime can be arbitrarily set by the file owner using the touch command.
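The difference between the two timestamps can be checked on a scratch file. The script below is an added example, not part of the Wordfence documentation; the helper names and the sample file are constructed for illustration, and it assumes a find that supports -mmin and -cmin, as the command above does.

```shell
#!/bin/sh
# Constructed demo: a file whose mtime has been backdated with touch is missed
# by an mtime-based selection but is still caught by the ctime-based one.

# Print how many regular files under $1 match the find time test $2
# (-mmin or -cmin) within the last $3 minutes.
count_recent() {
    find "$1" -type f "$2" "-$3" -print | wc -l | tr -d ' '
}

# Create a scratch directory holding one freshly written file, then set its
# mtime and atime to 2020-01-01 as the file owner. Prints the directory path.
make_backdated_sample() {
    dir=$(mktemp -d) || return 1
    printf '<?php // constructed sample file\n' > "$dir/sample.php"
    # touch rewrites mtime/atime; the kernel sets ctime to "now" as a side effect.
    touch -t 202001010000 "$dir/sample.php"
    printf '%s\n' "$dir"
}

demo() {
    dir=$(make_backdated_sample) || return 1
    echo "matched by -mmin -60: $(count_recent "$dir" -mmin 60)"
    echo "matched by -cmin -60: $(count_recent "$dir" -cmin 60)"
    rm -rf "$dir"
}

demo
```

A scan selection built on -mmin would skip the backdated file, while the -cmin selection still passes it to the scanner.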
Run Wordfence CLI on a WordPress installation under /var/www/wordpress and automatically repair any files infected with malware:
wordfence malware-scan --output-columns filename -m null-delimited /var/www/wordpress | wordfence remediate
Run Wordfence CLI on a WordPress installation under /var/www/wordpress and automatically repair any files infected with malware. For any additional files found that aren't automatically repaired, delete them:
wordfence malware-scan --output-columns filename -m null-delimited /var/www/wordpress | wordfence remediate --output-columns path -m null-delimited -u | xargs -0 rm