This script check Wordpress integrity and send email if something wrong.
You shoud add it to crontab like this
0 */1 * * * /opt/check_wordpress_infected.sh > /dev/null
#!/bin/bash
WP_RESULT=$(/usr/local/bin/wp core verify-checksums --allow-root --path=/var/www/web/ 2>&1)
IS_OK=${WP_RESULT:0:7}
if [ "$IS_OK" == "Success" ]; then
echo "No problem found. Have a nice day!"
else
echo "Problem is: >>> $WP_RESULT <<<"
echo "Problem found: $WP_RESULT " | mail -s "Wordpress problem" your_email@gmail.com
fi
If you wordpress was infected you can find files wich was created after some day.
find /var/www/web/ -type f -newerat 2020-09-08 ! -newerat 2020-09-09
$ find ./ -type f -mtime -3
find /var/www/web/ -mtime -2 -name '*.php*' | xargs grep -iP "(exec|system|gzinflate|md5|eval|base64_decode)\s*\("
i have multiple websites in this path /var/www/ how do loop the script?