Latest WordPress Vulnerability: One-Liner To Remove Affected File(s)

May 7th, 2015

Unless you’re living under the proverbial rock, you have heard about the latest vulnerability affecting WordPress – and this time it’s WordPress’ default 2015 Theme as well as the very popular Jetpack plugin.

As reported by Sucuri, developers apparently forgot to remove a file before committing the build, leaving both the theme and the plugin open to yet another potential attack.

The best advice is to simply remove the (unnecessary) file genericons/example.html – but what if you have more then one installation (because you’re a developer a small hosting company) and therefore have more than one file to remove?
Sure, you can manually delete them all one-by-one, but how about removing them all in one step?

Since we have quite a few WordPress installations on our staging servers, locating and removing the file(s) within every single installation would be extremely time-consuming and not feasible.

So, if you have more then one example.html to remove, here’s a one-liner for you:
SSH to your server and cd into your webserver’s home directory (either /home or /www – depending on your OS and configuration) and run:
user@server [/home]# sudo find ./* -path "*genericons/example.html" -exec rm {} \;

You can add -print at the end to see which files were removed:
user@server [/home]# sudo find ./* -path "*genericons/example.html" -exec rm {} \; -print

site1/public_html/wp-content/themes/twentyfifteen/genericons/example.html
site2/public_html/wp-content/themes/twentyfifteen/genericons/example.html
site3/public_html/wp-content/themes/twentyfifteen/genericons/example.html

You’re welcome.

About the author:

Nina Khoury is a computer scientist, software engineer, data and information junkie and online marketer. She taught at various universities for more than six years and worked on projects for Fortune 500 companies including cisco, Intel and HP.

Leave a Comment