claudeers.

🔓 unclaimed — this page was auto-generated from GitHub. Are you the creator?

Claim this page →
// MCP Servers

wordpress-malware-removal

AI-powered WordPress malware removal & deep scanner (Claude Code / MCP skill). Finds SEO-spam cloaking, the Japanese keyword hack, redirect malware, web-shel…

// install
{
  "mcpServers": {
    "wordpress-malware-removal": {
      "command": "npx",
      "args": ["-y", "https://github.com/adityaarsharma/wordpress-malware-removal"]
    }
  }
}

WordPress Malware Removal

Find the hidden malware your scanner can't see — and learn how they got in.

Google flagged your site. Or it redirects visitors to spam. Or your scanner says "all clean" while gambling pages rank under your domain. That's usually malware built to hide — from you, and from tools that only look at the site the way a browser does.

WordPress Malware Removal finds the stealthy stuff — SEO-spam cloaking, the Japanese keyword hack, redirect malware, web-shells, and backdoors — by checking your site the way Google and an attacker see it. It cleans safely (full backup first, nothing deleted blind, and it puts a file back if a change breaks the site) and tells you how the attacker got in, so it doesn't happen again.

Free · open-source (AGPL-3.0) · runs with any AI coding agent — Claude Code, Cursor, Codex, or any MCP client.


What it does

In plain English:

  1. Looks at your site the way Google and attackers do — not just the way a browser does.
  2. Scans the whole server, your database, your logs, and your users — 12 checks in all.
  3. Reads each suspicious file before touching it, so it's careful about false alarms.
  4. Cleans safely — backs up first, moves bad files to quarantine (doesn't delete), and checks the site still loads after every step. If something breaks, it restores the file.
  5. Tells you how they got in — a stolen password? an outdated plugin? — and helps you close that door.
  6. Proves the spam is gone by re-checking your pages as Googlebot.

Works with your AI agent

Not just Claude. This is designed to be agent-agnostic:

  • The Python scripts run on their own — no AI needed. Scan, detect cloaking, verify core integrity, and check vulnerabilities straight from your terminal.
  • The cleanup methodology works with any capable AI coding agent — Claude Code, Cursor, Codex, or anything that can read a project and run commands. Point your agent at this repo and ask it to scan or clean.
  • It connects to your site over MCP (an open standard) or SSH — so any MCP-compatible client can drive it. SproutOS is the recommended gateway (no SSH needed).
  • Claude Code gets the tightest fit — it loads this as a native skill, so a plain "scan my site" just works.

One tool, your choice of agent. Nothing here is locked to a single vendor.


How it compares

These are all good tools that do different things. The table describes each one's publicly documented approach — it's a comparison of design, not a claim that any product is better or worse. Run this alongside your existing security plugin; a second, independent look never hurts.

Manual cleaningWordfenceMalCareSucuriThis tool
What it isDo-it-yourselfSecurity pluginPlugin + cloudPlugin + remote serviceAI agent / Claude skill
Where it worksYou, on the serverInside WordPressSynced copy on its cloudRemote scan + cloud firewallOver a connection or SSH — whole server
How it finds malwareYour own inspectionSignature matchingBehavioral signalsSignatures + remote checksReads each file in context
Looks atWherever you lookWordPress files & DBWordPress files & DBPublic pages + files (with agent)Whole server, DB, logs, users
Checks pages as Googlebot
(spam shown only to Google)
Only if you know toScans files, not a crawler fetchScans files on its cloudRemote scanner reads public pagesYes — as Googlebot & at the origin
Scans outside wp-contentIf you check thereWordPress-focusedWordPress-focusedPublic URLs; server scan via agentYes — web root and above
Explains how the site was hackedOnly if you dig through logsLive traffic / login loggingActivity-log add-onPost-hack analysis (paid)Built-in log forensics + free vuln check
Reduces false alarmsDepends on your skillPattern rulesSignal scoringSignature rulesReads each file before flagging
Risk of breaking the siteHigh — easy to delete the wrong fileLow–mediumLowLowLow — backup, quarantine, auto-rollback
Skill requiredHighLowLowLowLow — the AI drives it
Undo / rollbackYour own backupsManual restoreRestore from backupRestore from backupQuarantine + automatic rollback
Open sourcen/aFree plugin is GPLPlugin GPL; engine proprietaryPlugin GPL; platform proprietaryFully open (AGPL-3.0)
PriceYour timeFreemiumFreemiumPaid platform (free remote scan)Free

Comparison of each option's publicly documented approach as of 2026, for orientation only — not a claim that any product is better or worse, and features change often, so please check current versions. Product names are trademarks of their respective owners. These tools are complementary; running an independent second scan is always sensible.

What this tool adds on top: it checks your pages as a search engine (to catch spam shown only to Google), scans outside wp-content (web root and above), removes threats quarantine-first with an automatic health check, and explains how the site was hacked.


How to use it

Step 1 — Get it.

git clone https://github.com/adityaarsharma/wordpress-malware-removal.git

Step 2 — Point your agent at it.

  • Claude Code (native skill): ln -s "$(pwd)/wordpress-malware-removal" ~/.claude/skills/wordpress-malware-removal
  • Cursor / Codex / other agents: open the folder in your agent and tell it to follow SKILL.md.
  • No agent: run the scripts directly.

Step 3 — Connect your site (see gateways) — SproutOS (no SSH) or SSH.

Step 4 — Just ask (or run the scripts):

"Scan example.com for malware" "My site shows gambling spam in Google — clean it" "Remove the Japanese keyword hack" "How was this site hacked?"

Optional: find the entry point with the free Wordfence vulnerability feed

The free Wordfence Intelligence feed (free account, no usage cap, commercial use allowed) lets the tool cross-check your installed plugins/themes against known vulnerabilities to find the likely way in.

export WORDFENCE_API_KEY=your_free_key

This is optional — the core malware detection works without it. Setup details: references/wordfence-integration.md.


Keeping it updated

New malware appears constantly, so the detection is built to grow.

  • Update the tool: git pull — you get the latest detection patterns and fixes.
  • Vulnerability data updates itself: the Wordfence feed refreshes automatically (force it with python3 scripts/wordfence_client.py --refresh).
  • Add your own patterns: the signature list (scripts/signatures.json) is easy to extend, and a built-in test corpus + CI make sure a new pattern catches real malware without flagging clean code. Full guide: references/growing-the-database.md.

Contributions welcome — open a PR or an issue.


How it works

The 12-layer forensic scan — click to expand

Every scan runs these layers (each degrades gracefully to the access you actually have). Full commands per layer: references/detection-playbook.md.

#LayerWhat it checks
1External cloakingFetches pages as Googlebot vs a browser (and at the origin behind your CDN) to catch spam shown only to search engines
2Web-root sweepFiles/folders outside wp-content — where a lot of malware hides
3Core integrityModified or extra WordPress core files
4Plugin/theme integrityNulled/hidden plugins, injected code, fake plugins, unauthenticated REST routes
5UploadsExecutable PHP where it shouldn't be
6mu-plugins & drop-insdb.php, object-cache.php, must-use plugins that load on every request
7Web-shells & backdoorsFile managers and tiny auto-login backdoors
8Obfuscationeval(base64…), packed/encoded code
9DatabaseInjection in posts, options, users, redirects, and log tables
10PersistenceCron, .htaccess, PHP prepend, stream-wrappers, server-level backdoors
11Users & sessionsUnexpected admins, rogue application passwords
12Log forensicsReconstructs the attack timeline and finds the entry point + attacker IP

Flow:

Scan (12 layers) -> verify each finding in context (reduce false alarms) -> back up ->
quarantine -> health-check + rollback -> re-check as Googlebot -> harden -> report
How it decides what's malware (the no-false-alarm step)

It never deletes on a pattern match alone. For every suspicious item it:

  1. Reads the actual file/row in context and decides, like an engineer, whether it's malicious or legitimate (a minified library, a code-snippet plugin, an AMP handler, etc.).
  2. Classifies it as confirmed, needs a human, or false alarm. Only confirmed items are removed.
  3. When unsure, it flags for review instead of deleting. A file it leaves for you is recoverable; a wrongly deleted file that breaks your site is not.

Connecting your site

Three ways to connect (SproutOS recommended, none required)
GatewayNeedsBest for
SproutOS (recommended)An Application PasswordNo SSH — connects right inside WordPress
Any other WordPress MCPThe MCP connectedIf you already run one
SSH + WP-CLIShell accessMost complete access

SproutOS turns any WordPress site into an MCP server over an Application Password — no SSH needed. It's a doorway, not a dependency. Command mapping for each gateway: references/mcp-gateways.md.


What it detects

39 malware families — click to expand

SEO-spam cloaking · the Japanese keyword hack · pharma & gambling spam · redirect malware · web-shells · auto-login backdoors · uploader scripts · PHP stream-wrapper payloads hidden in images · fake "core function" loaders that rebuild from the database · unauthenticated REST-route backdoors · PHP object injection · wp-config.php injection · malicious .htaccess rules and DirectoryIndex hijacks · ?g= query-string spam · malicious cron jobs · unexpected admin accounts · rogue application passwords · card skimmers · cryptominers · SSH-key backdoors · files disguised as images · core-filename typosquats · double-extension shells · injected sitemaps · server-level persistence · and more.

Full, explained list: references/signature-library.md · the deep-dive on each family and how it hides: references/malware-families.md.


Standalone scripts

Run the engine directly — zero dependencies, stock Python 3

You don't need Claude to use the core scripts:

# 1. Check for spam shown only to search engines, across your whole sitemap
python3 scripts/cloaking_diff.py --sitemap https://example.com/sitemap.xml --origin-ip 1.2.3.4

# 2. Deep-scan a WordPress folder for the 39 malware families
python3 scripts/scan_patterns.py /path/to/wordpress --since 2026-06-14 --json findings.json

# 3. Check installed plugins/themes against known vulnerabilities (free Wordfence feed)
python3 scripts/wordfence_client.py --installed installed.json
ScriptWhat it does
scripts/cloaking_diff.pyDetects cloaking (bot vs browser, origin vs CDN, JS-redirect)
scripts/scan_patterns.pyPattern-scans a WordPress tree for candidates
scripts/wordfence_client.pyMatches installed versions against known CVEs
scripts/safety_gate.pyCode-enforced backup → quarantine → rollback (won't delete without a backup)
scripts/reinstall_clean.pyVerifies core/plugins against official checksums; reinstalls from clean source
scripts/signatures.jsonThe signature database (easy to extend)

How it cleans safely

The "don't break the site" protocol
  • Makes a full database backup first — and the tool won't delete anything until that backup exists (enforced in code by safety_gate.py, not just a guideline).
  • For malware injected into real WordPress/plugin files, it replaces them from the official clean source (reinstall_clean.py) instead of risky hand-editing.
  • Moves standalone bad files to a quarantine folder — it doesn't delete them.
  • Checks the site still loads after every change; if a change breaks something, it restores the file automatically.
  • Asks you before anything permanent.
  • Re-checks as Googlebot to confirm the spam is actually gone.

It aims to remove every infection it finds and leave the site working. No scanner can promise a site is permanently clean against future or unknown attacks, so it's honest about that: it lists anything it couldn't fully check and suggests a follow-up scan a day or two later to catch anything that tries to come back. Full protocol: references/remediation-playbook.md.


Documentation

All guides — click to expand
DocumentWhat's inside
SKILL.mdThe full methodology the AI follows
SPEC.mdProduct & security specification
references/detection-playbook.mdEvery layer's commands, per gateway
references/remediation-playbook.mdSafe removal: backup → quarantine → verify → rollback
references/cloaking-detection.mdThe bot-vs-browser method in depth
references/malware-families.mdThe malware families + 2026 threat landscape
references/signature-library.mdHuman-readable signature list
references/edge-cases.mdMultisite, custom prefixes, reinfection, safeguards
references/mcp-gateways.mdConnecting via SproutOS / other MCP / SSH
references/wordfence-integration.mdFree Wordfence feed setup
references/growing-the-database.mdHow to grow the vulnerability + attack-pattern coverage
references/incident-case-study.mdA real hack, start to finish

FAQ

How do I remove the Japanese keyword hack?

Connect the tool to your site and say "remove the Japanese keyword hack." It looks for the spam pages that appear only to search engines, rogue sitemaps, .htaccess tricks, and database injections, cleans them safely, and re-checks as Googlebot to confirm they're gone.

My WordPress site redirects visitors to spam. Can it help?

Yes — it looks for redirect code in .htaccess, the database, theme files, and injected JavaScript, including redirects that only trigger on mobile or for search engines.

My scanner says the site is clean, but Google flags it. Why?

Some infections (called cloaking) show spam only to search engines and clean content to everyone else — including scanners. This tool checks your pages as Googlebot, which is how it can spot that kind of infection.

Does it work without SSH?

Yes. Connect SproutOS (over an Application Password) and it runs without shell access.

Will it break my site?

It's designed not to: it backs up first, quarantines instead of deleting, and checks the site after every step, restoring anything that causes a problem.


A real example

A hidden gambling-spam infection a normal scan didn't catch

A live WordPress site was infected with gambling spam that only appeared in Google search results — the site looked completely normal to visitors and to the security scanner that was active on it. The malware was hiding in folders outside wp-content, plus a tiny backdoor file that kept letting the attacker back in.

This tool is built to find exactly that kind of hidden infection. The full, step-by-step write-up is included as a worked example and regression test: references/incident-case-study.md.


Contributing

New detection patterns are always welcome

Malware changes constantly. The pattern list (scripts/signatures.json) is easy to extend — add a family, add a safeguard against false alarms, and open a PR. Found something it missed? Open an issue with a sanitized sample.

If this helped you, a star helps others find it.


Works well alongside

Wordfence, MalCare, and Sucuri are well-known WordPress security tools; running an independent second scan is always sensible. This project uses SproutOS as its recommended gateway and the free Wordfence Intelligence vulnerability feed.

License

AGPL-3.0-or-later. Strong copyleft: you're free to use, modify, and self-host it, but if you run a modified version as a network service, you must share your source. This keeps hosted derivatives open.


Built by Aditya Sharma

// compatibility

Platformscli, api, web, mobile
Operating systems
AI compatibilityclaude
LicenseAGPL-3.0
Pricingopen-source
LanguagePython

// faq

What is wordpress-malware-removal?

AI-powered WordPress malware removal & deep scanner (Claude Code / MCP skill). Finds SEO-spam cloaking, the Japanese keyword hack, redirect malware, web-shells, backdoors & database injections that Wordfence/MalCare/Sucuri miss. Quarantine-first, no false positives.. It is open-source on GitHub.

Is wordpress-malware-removal free to use?

wordpress-malware-removal is open-source under the AGPL-3.0 license, so it is free to use.

What category does wordpress-malware-removal belong to?

wordpress-malware-removal is listed under mcp-servers in the Claudeers registry of Claude-compatible tools.

0 views
10 stars
unclaimed
updated 4 days ago

// embed badge

wordpress-malware-removal on Claudeers
[![Claudeers](https://claudeers.com/api/badge/wordpress-malware-removal.svg)](https://claudeers.com/wordpress-malware-removal)

// retro hit counter

wordpress-malware-removal hit counter
[![Hits](https://claudeers.com/api/counter/wordpress-malware-removal.svg)](https://claudeers.com/wordpress-malware-removal)

// reviews

// guestbook

0/500

// related in MCP Servers

🔓

f.k.a. Awesome ChatGPT Prompts. Share, discover, and collect prompts from the community. Free and open source — self-host for your organization with complete…

// mcp-serversf/HTML164,687NOASSERTION[ claude ]
🔓

A cross-platform desktop All-in-One assistant for Claude Code, Codex, OpenCode, OpenClaw, Gemini CLI & Hermes Agent. Only official website: ccswitch.io

// mcp-serversfarion1231/Rust112,854MIT[ claude ]
🔓

An open-source AI agent that brings the power of Gemini directly into your terminal.

// mcp-serversgoogle-gemini/TypeScript105,729Apache-2.0[ claude ]
🔓

A collection of MCP servers.

// mcp-serverspunkpeye/90,251MIT[ claude ]
→ see how wordpress-malware-removal connects across the ecosystem