remove malicious code wordpress

remove_harmful-code.php

<?php
/**
 * remove malicious code 
 * Removing a string in a PHP file with Start and End
 */

set_time_limit(0);

define('ABSPATH', dirname( __FILE__ ) );

getDirContents ( ABSPATH );

function getDirContents($dir){
    $files = scandir($dir);

    foreach($files as $key => $value){
        $path = realpath($dir.'/'.$value);
        if(!is_dir($path)) {
            // do something with the file
			      $info = pathinfo( $path );
			
			      if ( $info['extension'] != "php") continue;
			
			
      			$content = file_get_contents($path);
      			$reg = '/<\?\s*php\s*if\(!isset\(\$GLOBALS\[\"\\\\x61(.*?)-1;\s*\?>/s';
      
      			$count = 0;
      			$newContent = preg_replace ($reg, '', $content, -1, $count);

      			if($count === 1) {				
      				file_put_contents ($path, $newContent);
      			}
			
        } else if($value != "." && $value != "..") {
            // folders
			    getDirContents($path, $results);
        }
    }   
}

echo "Completed";

remove_malicious.php

<?php
/**
 * remove malicious code 
 * Removing a string in a PHP file with Start and End
 * PHP version 5.4 or greater
 */ 
set_time_limit(0);

define('ABSPATH', dirname(__FILE__) . '/wp-content/');
$directory_iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator(ABSPATH, RecursiveDirectoryIterator::SKIP_DOTS));


$file_infected = 0;
foreach($directory_iterator as $filename => $file)
{
    if ($file->getExtension() !== "php") {
        continue;
    }
    $content = file_get_contents($filename);
    $reg = '/<\?\s*php\s*if\(!isset\(\$GLOBALS\[\"\\\\x61(.*?)-1;\s*\?>/s';

    $count = 0;
    $newContent = preg_replace ($reg, '', $content, -1, $count);

    if($count === 1) {
        file_put_contents ($filename, $newContent);
        $file_infected++;
    }
}
echo 'Total infected files: '.$file_infected;
echo 'Remove malicious code successfully';