I posted this several months back and didn't get any responses, so I thought I'd take another shot at it now there are more people in the Community.
I rely on using WordPress plugins to help find malware on customers' sites, however sometimes the site is offline. If I'm hosting the site then I have software on my server I can use to run a scan. But when someone else is hosting the site or it's on a shared host, I'd like to be able to upload a script that would scan all the files in the user's account and print out a list of suspect files I can investigate. Similar to what a company like Sucuri would use to do this type of thing.
Does anyone have anything they can recommend? I welcome any and all suggestions.
Great post! Hope you get some good participation. If you're looking for WordPress specific suggestions, you may also consider posting this idea on the Managing WordPress board. Hope to see lots of suggestions!
I'm not aware of a single script that would be able to scan for everything. I did find this helpful write-up from the folks over at Media Temple though. It has some great suggestions.
Thanks @JesseW - that is a good article! I'm always looking for useful new techniques to add to my toolkit for un-hacking WordPress sites. It never ceases to amaze me how clever some of these hackers can be.
I'll give this thread a bit of time here and if it doesn't get any traction I'll try posting in the Managed WordPress forum.
Most of the Malware scanners for wordpress are plugins. I was able to locate a few links for malware cli scanners.
Free Scanner, looks very basic in what it scans
Provided by WP-CLI plugin. Used to check wordpress core files for modifications
Commercial scanner that provides a free trial and looks like it is a complete wwebsite malware scanner that supports several CMS,s