

Your WordPress got hacked?
This simple tool helps you find malicious code in your WordPress installation.
PLEASE BE AWARE: This script is new and will report lots of false positives. Please check all the findings manually!
Feel free to send me WordPress malware samples: Ben


Just clone this repo and move the following files into your WordPress root directory:

  • wp-rex.php
  • wp-rex-shell


Web access

If there is no redirect (e.g. in the .htaccess file or via malware) and you can reach your WordPress blog as usual:

  • visit https://url-to-your-wordpress-blog.tld/wp-rex.php

Command line access

If you do not have web access to your blog, connect to your webspace/server via the command line / SSH and navigate to your WordPress root directory. Then execute the following command:

  • ./wp-rex-detector DAYS (DAYS = check changed files for the last X days – default: 7)
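
The kind of check the DAYS argument describes, sketched as an added shell example (this is not wp-rex's own code): limit the scan to PHP files modified in the last DAYS days, then match them against a search expression. The function name, the file extensions and the regex are assumptions chosen for illustration, and they will produce false positives just like any pattern-based scan.

```shell
#!/bin/sh
# Added illustration, not part of wp-rex. The regex is an assumption: a few
# constructs often seen in injected PHP (decode-then-eval, request data passed
# to a command runner). Legitimate plugins can match too, so review every hit.
SUSPICIOUS_RE='(eval|assert)[[:space:]]*\([[:space:]]*(base64_decode|gzinflate|gzuncompress|str_rot13)[[:space:]]*\(|(eval|system|passthru|shell_exec)[[:space:]]*\([[:space:]]*\$_(GET|POST|REQUEST|COOKIE)'

# scan_recent_php ROOT [DAYS]
# Prints "file:line:text" for each match in PHP files under ROOT that were
# modified within the last DAYS days (default 7, as in the usage line above).
scan_recent_php() {
    root=${1:-.}
    days=${2:-7}
    case $days in
        ''|0|*[!0-9]*)
            echo "usage: scan_recent_php ROOT [DAYS], DAYS a positive integer" >&2
            return 2 ;;
    esac
    # -mtime -N selects files changed less than N*24 hours ago.
    # /dev/null as an extra operand makes grep print the file name even when
    # find hands it a single file.
    # grep exits 1 for a batch without matches and find passes that on;
    # "no hits" is not an error here, hence the "|| true".
    find "$root" -type f \
        \( -name '*.php' -o -name '*.phtml' -o -name '*.php[0-9]' \) \
        -mtime "-$days" \
        -exec grep -En -e "$SUSPICIOUS_RE" /dev/null {} + || true
}
```

Called from the WordPress root as `scan_recent_php . 7`. Modification times can be reset by whoever changed the file, so an empty result for a short window does not clear the installation.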


  • all-in-one script via url-access
  • removed “md5” from search expressions (thx to @felsqualle)
  • new regex
  • implemented correct modification changes to php-file
  • add new regexes on a regular basis
  • check for bad file permissions?
  • more cool features (send me a feature request @foulenzer)