.d8888b.  888      8888888888        d8888 888b    888
d88P  Y88b 888      8888888888       d88888 8888b   888
888    888 888      888             d88P888 88888b  888
888        888      8888888        d88P 888 888Y88b 888
888        888      8888888       d88P  888 888 Y88b888
888    888 888      888          d888888888 888  Y88888
Y88b  d88P 88888888 8888888888  d8888888888 888   Y8888
 Y8888P  88888888 8888888888 d88P     888 888    Y888
                                                       
                               888       888 8888888b. 
      by @etragardh            888   o   888 888   Y88b
      provided as is         888  d8b  888 888    888
      stay safe                888 d888b 888 888   d88P
                               888d88888b888 8888888P 
      www.cleanwp.io           88888P Y88888 888       
                               8888P   Y8888 888       
                               888P     Y888 888       

Reinventing WordPress cleaning

Hi, I’m Emil, a Swedish hacker, and I think I can bypass, trick or deactivate every single WordPress malware scanner on the market – except this one – because it’s not a malware scanner. It’s a WordPress cleaner and it’s based on cryptographically safe and secure algorithms inspired by the bitcoin blockchain.

CleanWP (free for users) vs. others (variable pricing)

Accuracy
  CleanWP: 100% cryptographically proven
  Others: It varies

Part of infected site
  A scanner that is a plugin (or talks to a plugin), depends on PHP, or depends on a connection to the site can be tricked or bypassed easily. CleanWP is written in Go, does not need the site to be online and cannot be altered or tampered with by malware.
  CleanWP: Nope
  Others: Yes

Looking for malware
  It is not possible to find all malware. Malware hunting is based on luck. CleanWP does not utilize that strategy.
  CleanWP: Nope
  Others: Yes

Removes malware
  Malware can be removed even if it's not "found", based on cryptography. CleanWP does not care whether it removes a white space, an extra comment or malware. It removes everything that is not supposed to be there.
  CleanWP: Yes, all the time
  Others: Only when found

Restore infected files
  Infected files should be swapped out for clean ones. Not "fixed". Just deleted and replaced.
  CleanWP: Yes, based on original source
  Others: Variable result and methods

Aggressive cleaning
  CleanWP has different modes. The aggressive one has 100% accuracy when removing malware.
  CleanWP: Yes, lets you know what is deleted
  Others: Would rather keep the site operational

Knows the intrusion vector
  CleanWP has no idea how you got hacked. It will just fix the problem and let you start where you were.
  CleanWP: No
  Others: Maybe sometimes

  • Server hardening (apache)
  • Firewall (WAF / Web Application Firewall)
  • Static file serving
  • Country blocking
  • vPatches (virtual patching)
  • Dynamic content serve (e-commerce and such)
  • Dynamic blocklist (globally managed by us)
  • Free hack fixes (we fix the site for you if it gets hacked)
  • SLA Required

How to use

~# cleanwp

This is a “dry run”. It will just tell you what will happen if you run the command with the --agressive flag later.

~# cleanwp --agressive

Among some other things, this will aggressively:

  • Restore WP Core to original
  • Restore your theme to original, or delete it
  • Restore your child-theme to original (from git is possible), or delete it
  • Restore free plugins to original
  • Restore premium plugins to original (we host a repo), or delete them

The above is considered safe to delete since the original is known or can be recreated. The tool will be able to recreate even a lot of premium code since we host a repo of our own. Help from premium developers is appreciated.

It will also:

  • Delete everything in wp-content/ except uploads/
    • Content here is either created by a plugin or WP core and can be recreated again. In rare cases you might have to restore a file or two that you actually want in here.
  • Delete everything in wp-content/uploads/ that is not an image
    • Search regular images for any code (not just malware)
    • Delete all SVGs; you have to replace them
  • Put .htaccess in uploads/ folder to deny execution in the future
  • Scan the database for any executable code (i.e. if you are using a page builder code block)
    • Deactivate code execution (you re-enable it one by one)

Last but not least:

  • It will rotate all your secrets and keys in wp-config.php
  • It will rotate all your secrets and keys in database
  • It will ask you to pick a new database user and password
  • It will invalidate all admin-users in the database
  • It will create a new admin-user in the database and tell you the credentials
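
The dry-run idea described above (compare against the known original and act on every difference instead of hunting for malware), as an added Go example. It is not CleanWP's code: the SHA-256 manifest of originals, the action names and the function names are assumptions, and the sample tree is constructed.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"io/fs"
	"testing/fstest"
)

// DryRun maps path -> action against known-good SHA-256 digests; it changes nothing.
func DryRun(fsys fs.FS, manifest map[string]string) (map[string]string, error) {
	plan := map[string]string{}
	for rel := range manifest {
		plan[rel] = "restore" // treated as missing until found below
	}
	err := fs.WalkDir(fsys, ".", func(rel string, d fs.DirEntry, werr error) error {
		if werr != nil || d.IsDir() {
			return werr
		}
		want, known := manifest[rel]
		if !known {
			plan[rel] = "delete" // no original lives at this path
			return nil
		}
		plan[rel] = "replace" // known path: assume altered until proven identical
		if !d.Type().IsRegular() {
			return nil // symlink or device where a plain file belongs
		}
		body, rerr := fs.ReadFile(fsys, rel)
		if rerr == nil && fmt.Sprintf("%x", sha256.Sum256(body)) == want {
			delete(plan, rel) // byte-identical to the original: keep
		}
		return rerr
	})
	return plan, err
}

// Demo runs DryRun over a constructed in-memory tree (use os.DirFS for a real one).
func Demo() (map[string]string, error) {
	orig := []byte("<?php // constructed original\n")
	sum := fmt.Sprintf("%x", sha256.Sum256(orig))
	disk := fstest.MapFS{
		"index.php": {Data: orig}, "extra.php": {Data: orig},
		"wp-load.php": {Data: []byte(string(orig) + " ")}, // one added space
	}
	return DryRun(disk, map[string]string{"index.php": sum, "wp-load.php": sum, "wp-settings.php": sum})
}

func main() { fmt.Println(Demo()) }
```

Note that extra.php is planned for deletion even though its content matches an original: the decision is made per path, so a clean-looking file in an unexpected place is still removed.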