Latest WordPress Vulnerability: One-Liner To Remove Affected File(s) » Blog: Security, FAQs & Blog - inlineVision: Web Design / E-Commerce / PPC / Social Media | Las Vegas, NV | High-Performance Websites & E-Commerce Solutions

Latest WordPress Vulnerability: One-Liner To Remove Affected File(s)

May 7th, 2015

Unless you’re living under the proverbial rock, you have heard about the latest vulnerability affecting WordPress – and this time it’s WordPress’ default 2015 Theme as well as the very popular Jetpack plugin.

As reported by Sucuri, developers apparently forgot to remove a file before committing the build, leaving both the theme and the plugin open to yet another potential attack.

The best advice is to simply remove the (unnecessary) file genericons/example.html – but what if you have more then one installation (because you’re a developer a small hosting company) and therefore have more than one file to remove?
Sure, you can manually delete them all one-by-one, but how about removing them all in one step?

Since we have quite a few WordPress installations on our staging servers, locating and removing the file(s) within every single installation would be extremely time-consuming and not feasible.

So, if you have more then one example.html to remove, here’s a one-liner for you:
SSH to your server and cd into your webserver’s home directory (either /home or /www – depending on your OS and configuration) and run:
user@server [/home]# sudo find ./* -path "*genericons/example.html" -exec rm {} \;

You can add -print at the end to see which files were removed:
user@server [/home]# sudo find ./* -path "*genericons/example.html" -exec rm {} \; -print

site1/public_html/wp-content/themes/twentyfifteen/genericons/example.html
site2/public_html/wp-content/themes/twentyfifteen/genericons/example.html
site3/public_html/wp-content/themes/twentyfifteen/genericons/example.html

You’re welcome.

Related Posts

Send this to a friend