“A new way to clean hacked WordPress sites”
I’ve spent the past couple of years learning and writing shell scripts. I’m also passionate about WordPress. As I’m often asked to clean hacked WordPress sites, I started to work on a script that automates this in a world where Corona still was just a beer.
Today I’m ready to announce WP Sweeper.
It’s a shell script that automates a lot of the tasks needed to clean a hacked WordPress sites. I’ve used this to clean more than a thousand sites. And now I’m unleashing my project onto the world, making it available for everyone.
I’ve built following functions into WP Sweeper:
- Clean/replace WordPress core files
- Clean/replace WordPress plugin files
- Clean/replace WordPress theme files
- Malware scan
Why a shell script and not a plugin?
This was a very conscious decision. While a plugin is very easy to use, it is also dependent on WordPress itself. Which means that if your WordPress site is hacked to pieces and you can’t log into your backend anymore, your plugin can’t be used either.
A shell script can be run independently of WordPress, so it does not matter if you can still access your WordPress or not. In essence, your WordPress can throw a fatal error at you and you’d still be able to use WP Sweeper.
What doesn’t it do (yet) ?
It doesn’t clean the database. But when I find a way to do this with a high enough success ratio, I’ll add it to the roadmap.
This is already in development/on the roadmap:
- Restore point integration (backup before actions, option to restore to prior state)
- WordPress Network (Multisite) support
- Support for the Bedrock boilerplate
- Headless functionality (running it based on cronjobs)
For me this whole development process has been quite a journey. And yet, launching the product, the journey has only just begun. I’m proud of myself getting here and very proud of my creation. I hope it will help a lot of you to rapidly clean hacked WordPress sites.
All the best,