#!/bin/bash #################################################################################################### #### author: SlickStack ############################################################################ #### link: https://slickstack.io ################################################################### #### mirror: http://mirrors.slickstack.io/bash/ss-clean-files.txt ################################## #### path: /var/www/ss-clean-files ################################################################# #### destination: n/a (not a boilerplate) ########################################################## #### purpose: Cleans up various unsafe and unnecessary files on the SlickStack server ############## #### module version: Ubuntu 20.04 LTS ############################################################## #### sourced by: ss core cron jobs ################################################################# #### bash aliases: ss clean, ss clean files ######################################################## #################################################################################################### ## CERTAIN WP PLUGINS WILL BE FORCE-DELETED: https://slickstack.io/faq/blacklisted-plugins ## ## SS-CLEAN DOES NOT PERFORM ANY MALWARE FILE SCANNING (PLEASE USE SS-SCAN INSTEAD) ## ## include SlickStack configuration ## source /var/www/ss-config ## include SlickStack functions ## source /var/www/ss-functions #################################################################################################### #### SS-Clean-Files: Message (Begin Script) ######################################################## #################################################################################################### ## this is a simple message that announces to the shell the purpose of this bash script ## ## it will only be noticed by sudo users who manually call ss core bash scripts ## ## echo message ## echo -e "${PURPLE}Running ss-clean-files: Cleans up various unsafe and unnecessary files on the SlickStack server... ${NOCOLOR}" sleep "$SLEEP_MESSAGE_BEGIN" #################################################################################################### #### SS-Clean-Files: Delete Bash Command History (Root + Sudo + SFTP User) ######################### #################################################################################################### ## many sensitive data items like passwords are often saved indefinitely in Bash history ## ## this command will erase the Bash history file contents for better security ## ## NULL shell history ## cat /dev/null > /root/.bash_history cat /dev/null > /home/${SUDO_USER}/.bash_history cat /dev/null > /home/${SFTP_USER}/.bash_history #################################################################################################### #### SS-Clean: Delete Staging Site Completely If Explicity Disabled In SS-Config ################### #################################################################################################### ## only if STAGING_SITE explicity false in ss-config ## if [[ "$STAGING_SITE" == "false" ]]; then rm /var/www/html/staging/ fi #################################################################################################### #### SS-Clean: Delete MySQL Directory Backup If Not Explicity Enabled ############################## #################################################################################################### if [[ "$SS_DUMP_MYSQL_FILES" != "true" ]]; then rm /var/www/meta/mysql.bak/ fi #################################################################################################### #### SS-Clean: Delete Old SS-Config Backup Files ####################################### #################################################################################################### ## delete old ss-config backups ## find /var/www/meta/ -maxdepth 1 -name "ss-config.bak*" -type f -mtime +1 -delete #################################################################################################### #### SS-Clean: Delete Outdated + Unnecessary SlickStack Files ###################################### #################################################################################################### ## as both SlickStack and WordPress evolve there are certain files that become irrelevant ## ## most of the time this consists of temp install files, unused MU plugins, etc ## ## delete throwaway theme ## rm /var/www/html/wp-content/themes/throwaway* rm /var/www/html/staging/wp-content/themes/throwaway* ## outdated MU plugins (no longer used) ## rm /var/www/html/wp-content/mu-plugins/index-autoload* ## included in WP 5.3+ rm /var/www/html/staging/wp-content/mu-plugins/index-autoload* ## included in WP 5.3+ rm /var/www/html/wp-content/mu-plugins/remove-query-strings* ## no longer recommended rm /var/www/html/staging/wp-content/mu-plugins/remove-query-strings* ## no longer recommended # rm /var/www/html/wp-content/mu-plugins/xxx-notices* rm /var/www/html/staging/wp-content/mu-plugins/xxx-staging* rm /var/www/html/dev/wp-content/mu-plugins/xxx-dev* rm /var/www/html/wp-content/mu-plugins/sftp-details* rm /var/www/html/staging/wp-content/mu-plugins/sftp-details* rm /var/www/html/dev/wp-content/mu-plugins/sftp-details* #################################################################################################### #### SS-Clean: Delete Unsafe + Unnecessary WordPress Core Files #################################### #################################################################################################### ## partly for backwards compatibility (but also stubborness) WP Core retains these files ## ## none are critical yet they greatly hurt security thus SlickStack deletes them ## ## delete old + exploitable WordPress Core files ## rm /var/www/html/readme*.html ## wordpresss junk files rm /var/www/html/license*.txt ## wordpresss junk files rm /var/www/html/licence*.txt ## wordpresss junk files rm /var/www/html/wp-links-opml*.php* rm /var/www/html/wp-mail*.php* rm /var/www/html/wp-trackback*.php* rm /var/www/html/xmlrpc*.php* # rm /wp-admin/install.php* ## if not virgin install anymore rm /var/www/html/staging/readme*.html ## wordpresss junk files rm /var/www/html/staging/license*.txt ## wordpresss junk files rm /var/www/html/staging/licence*.txt ## wordpresss junk files rm /var/www/html/staging/wp-links-opml*.php* rm /var/www/html/staging/wp-mail*.php* rm /var/www/html/staging/wp-trackback*.php* rm /var/www/html/staging/xmlrpc*.php* #################################################################################################### #### SS-Clean: Empty Out (Null) Log Files To Prevent Large Files ################### #################################################################################################### cat /dev/null > /var/www/logs/cron.log #################################################################################################### #### SS-Encrypt: Delete Previous / Conflicting Lets Encrypt SSL Certificates ####################### #################################################################################################### ## this could end up causing cert-less servers, best to not enable it ## Ref: https://community.letsencrypt.org/t/correct-way-to-completely-remove-issued-certificate-s-for-a-domain/7409 ## Ref: https://community.letsencrypt.org/t/brief-overview-of-steps-that-certbot-api-goes-through/141892 ## to cleanup the potential mess of Lets Encrypt files we selectively delete some here ## ## this process should delete any old or irrelevant (non-active) SSL files ## ## selectively delete Lets Encrypt files ## # if [[ "$SITE_DOMAIN" != www.* ]] && [[ "$SITE_TLD" != "$SITE_DOMAIN" ]]; then # find /etc/letsencrypt/ ! -name "*$SITE_DOMAIN*" -exec rm -r {} \; # else # find /etc/letsencrypt/ ! -name "*$SITE_TLD*" -exec rm -r {} \; # fi ## add these to ss-clean ## # rm /etc/ssl/cert.pem ## symlink # rm /etc/ssl/chain.pem ## symlink # rm /etc/ssl/fullchain.pem ## symlink # rm /etc/ssl/privkey.pem ## symlink #################################################################################################### #### SS-Clean: Delete Any PHP Error Handling Hacks In WordPress Plugins + Themes ################### #################################################################################################### ## an unfortunate feature of PHP is that scripts can override WP or server-level settings ## ## this set of commands safely removes any PHP error handling hacks from scripts ## ## replace this with WP Admin warning message if files found ## # find /var/www/html/wp-content/mu-plugins -type f -name "*.php" -exec sed -i '/ini_set/d' {} \; # find /var/www/html/wp-content/plugins -type f -name "*.php" -exec sed -i '/ini_set/d' {} \; # find /var/www/html/wp-content/themes -type f -name "*.php" -exec sed -i '/ini_set/d' {} \; # find /var/www/html/wp-content/mu-plugins -type f -name "*.php" -exec sed -i '/error_reporting/d' {} \; # find /var/www/html/wp-content/plugins -type f -name "*.php" -exec sed -i '/error_reporting/d' {} \; # find /var/www/html/wp-content/themes -type f -name "*.php" -exec sed -i '/error_reporting/d' {} \; #################################################################################################### #### SS-Clean: Delete Various Junk Files From Ubuntu (Etc) Outside Public Directory ################ #################################################################################################### ## delete Ubuntu junk files ## # rm /tmp/systemd-* # rm /var/tmp/systemd-* # find /var/backups/ -name "*.gz" -type f -delete find /var/www/html/ -name "wget-log*" -type f -delete # rm /media* ## cleanup all log files ## find /var/log/ -name "*.gz" -type f -delete find /var/log/ -name "*.log.*" -type f -delete rm /var/log/fpm-php.www.log* rm /var/log/php7.0-fpm.log* rm /var/log/php7.1-fpm.log* rm /var/log/php7.2-fpm.log* rm /var/log/php-fpm/* rm /var/log/monit.log* ## delete old SlickStack cache ## rm /etc/nginx/cache* #################################################################################################### #### SS-Clean: Cleanup SlickStack Core Files Under /var/www/ ####################################### #################################################################################################### ## delete SlickStack leftovers ## rm /var/www/00-crontab rm /var/www/01-cron-often rm /var/www/02-cron-regular rm /var/www/03-cron-quarter-hourly rm /var/www/04-cron-half-hourly rm /var/www/05-cron-hourly rm /var/www/06-cron-quarter-daily rm /var/www/07-cron-half-daily rm /var/www/08-cron-daily rm /var/www/09-cron-half-weekly rm /var/www/10-cron-weekly rm /var/www/11-cron-half-monthly rm /var/www/12-cron-monthly rm /var/www/13-cron-sometimes rm /tmp/dos2unix* rm /var/www/meta/.cherry* rm /var/ss-config*.bak* rm /var/www/'$' rm /var/www/ss rm /var/www/bash/ ## we decided to keep ss core scripts in /var/www/ for now (usability) rm /var/www/cron/ ## folder only rm /var/www/touch rm /tmp/ss rm /home/$SUDO_USER/ss rm /home/$SFTP_USER/ss rm /root/ss rm /var/www/cache/fastcgi rm /var/www/meta/.timestamp-01-cron-regular* rm /var/www/meta/.timestamp-ss-restart rm /var/www/meta/.timestamp-ss-reset-password rm /var/www/meta/.timestamp-ss-scan rm /var/www/meta/.timestamp-ss-optimize rm /var/www/meta/.timestamp-ss-sync rm /var/www/meta/.timestamp-ss-dump rm /var/www/meta/.timestamp-ss-install-ubuntu-aliases rm /var/www/meta/.timestamp-ss-perms-ubuntu-aliases rm /var/www/meta/.timestamp-ss-clean rm /var/www/0-crontab rm /var/www/1-cron-often rm /var/www/2-cron-regular rm /var/www/3-cron-hourly rm /var/www/3-cron-quarter-hourly rm /var/www/4-cron-half-hourly rm /var/www/4-cron-quarter-daily rm /var/www/5-cron-half-daily rm /var/www/5-cron-hourly rm /var/www/6-cron-daily rm /var/www/6-cron-quarter-daily rm /var/www/7-cron-half-daily rm /var/www/7-cron-weekly rm /var/www/8-cron-daily rm /var/www/8-cron-monthly rm /var/www/9-cron-half-weekly rm /var/www/9-cron-sometimes rm /var/www/ss-install-aliases rm /var/www/ss-install-bash rm /var/www/ss-install-cron rm /var/www/ss-install-misc rm /var/www/ss-install-muplugins rm /var/www/ss-install-wordpress rm /var/www/ss-install-wpconfig rm /var/www/ss-install-wordp ## incomplete file rm /var/www/ss-install-ubuntu-aliases rm /var/www/ss-perms-ubuntu-aliases rm /var/www/ss-dump rm /var/www/ss-muplugs rm /var/www/ss-restart rm /var/www/ss-reset-password rm /var/www/ss-scan rm /var/www/ss-sync rm /var/www/ss-chec rm /var/www/ss-clean rm /var/www/ss-optimize rm /var/www/ss-purge-fcgi rm /var/www/monit.log rm /var/www/html/wp-completion.bash rm /var/www/meta/wp-completion.bash rm /var/www/meta/.wp-completion.bash rm /home/wp-completion.bash rm /home/${SUDO_USER}/config.yml rm /home/${SUDO_USER}/wp-cli.yml # rm /var/www/html/.wp-cli # rm /var/www/html/wp-cli rm /var/www/html/staging/staging* rm /var/www/logs/mysql.log ## cleanup ## rm -v ~/secure_our_mysql.sh ## delete SlickStack junk files ## find /var/www/ -name "*.save*" -type f -delete rm /var/www/wp.sql* rm /var/www/meta/myisam-tables.txt* rm /var/www/meta/myisam-tables.sql* #################################################################################################### #### SS-Clean: cleanup Various Files Throughout Public Web Root /var/www/html/ ##################### #################################################################################################### ## these powerful commands delete several unsafe file types throughout the html web root ## ## the file types will be permanently deleted regardless of where they are found ## ## delete PHP files that do not belong to WordPress Core ## ## find ....... ## delete known malware files ## # find /var/www/html/ -name "script.php" -type f -delete # find /var/www/html/ -name "licensed.php" -type f -delete # find /var/www/html/ -name "apikey*.zip" -type f -delete find /var/www/html/ -name "wp_ftp*.php" -type f -delete find /var/www/html/ -name "wp-xmlrpc*.php" -type f -delete find /var/www/html/ -name "zgepd_oddsd*.php" -type f -delete find /var/www/html/ -name "index2*.php" -type f -delete find /var/www/html/ -name "index_.php" -type f -delete find /var/www/html/ -name "wp-counts*.php" -type f -delete find /var/www/html/ -name "wp-interst*.php" -type f -delete # find /var/www/html/ -name "idb.php" -type f -delete # find /var/www/html/ -name "validate.php" -type f -delete find /var/www/html/ -name "tbl_status.php" -type f -delete find /var/www/html/ -name "wp_p.php" -type f -delete find /var/www/html/ -name "temp-crawl*.php" -type f -delete find /var/www/html/ -name "wp-crawl*.php" -type f -delete # find /var/www/html/ -name "robots.php" -type f -delete find /var/www/html/ -name "timthumb*.php" -type f -delete # find /var/www/html/ -name "syslib.php" -type f -delete find /var/www/html/ -name "settings_v2.php" -type f -delete # find /var/www/html/ -name "minify.php" -type f -delete find /var/www/html/ -name "wpsetting.php" -type f -delete find /var/www/html/ -name "new_license.php" -type f -delete find /var/www/html/ -name "site-site-icon-functions.php" -type f -delete # find /var/www/html/ -name "wp-media.php" -type f -delete find /var/www/html/ -name "wp-reset-*.php" -type f -delete rm /var/www/html/lte_ rm /var/www/html/wp-domain.php rm /var/www/html/wp-main.php rm /var/www/html/wp-uti.php rm /var/www/html/wp.php rm /var/www/html/w.php rm /var/www/html/about.php rm /var/www/html/content.php rm /var/www/html/m3.php rm /var/www/html/mini.php rm /var/www/html/1index.php rm /var/www/html/baindex.php rm /var/www/html/hbf0oajf_index.php rm /var/www/html/*_index.php rm /var/www/html/kindex.php rm /var/www/html/mindex.php rm /var/www/html/wp-beckup.php rm /var/www/html/wikindex.php rm /var/www/html/wp-content/coment* ## also placed in /uploads/2020/ (etc) types of folders rm /var/www/html/wp-content/plugins/bots.txt* rm /var/www/html/wp-content/plugins/plug1* rm /var/www/html/wp-content/plugins/plug1-1* rm /var/www/html/wp-content/plugins/wpematico* rm /var/www/html/dev/wp-content/plugins/bots.txt* rm /var/www/html/dev/wp-content/plugins/plug1* rm /var/www/html/dev/wp-content/plugins/plug1-1* rm /var/www/html/dev/wp-content/plugins/wpematico* rm /var/www/html/staging/wp-content/plugins/bots.txt* rm /var/www/html/staging/wp-content/plugins/plug1* rm /var/www/html/staging/wp-content/plugins/plug1-1* rm /var/www/html/staging/wp-content/plugins/wpematico* # rm /var/www/html/staging/wp-content/uploads/symbols/ ## not sure if directory is made by the malware or taken over by the malware ## known malware filenames that cant be deleted because they conflict with WP Core filenames ## # find /var/www/html/ -name "cache.php*" -type f -delete # find /var/www/html/ -name "update.php*" -type f -delete # find /var/www/html/ -name "settings.php*" -type f -delete # find /var/www/html/ -name "wp_api.php*" -type f -delete ## not malware but possibly exploitable SSO script ## find /var/www/html/ -name "http.php" -type f -delete ## exists in WP Core under /wp-includes/ # find /var/www/html/ -name "stats.php" -type f -delete ## conflicts with some themes find /var/www/html/ -name "wp-xmlrpc.php" -type f -delete ## delete unsafe file extensions ## find /var/www/html/ -name "*.exe" -type f -delete find /var/www/html/ -name "*.cmd" -type f -delete find /var/www/html/ -name "*.asp" -type f -delete find /var/www/html/ -name "*.aspx" -type f -delete find /var/www/html/ -name "*.jsb" -type f -delete find /var/www/html/ -name "*.jsp" -type f -delete find /var/www/html/ -name "*.com" -type f -delete find /var/www/html/ -name "*.bat" -type f -delete find /var/www/html/ -name "*.ascx" -type f -delete find /var/www/html/ -name "*.cfc" -type f -delete find /var/www/html/ -name "*.cfm" -type f -delete find /var/www/html/ -name "*.cfml" -type f -delete find /var/www/html/ -name "*.cfr" -type f -delete find /var/www/html/ -name "*.cfswf" -type f -delete find /var/www/html/ -name "*.jws" -type f -delete find /var/www/html/ -name "*.dll" -type f -delete find /var/www/html/ -name "*.vbs" -type f -delete find /var/www/html/ -name "*.reg" -type f -delete find /var/www/html/ -name "*.asis" -type f -delete find /var/www/html/ -name "*.pwml" -type f -delete find /var/www/html/ -name "*.cpl" -type f -delete find /var/www/html/ -name "*.asis" -type f -delete find /var/www/html/ -name "*.jhtml" -type f -delete find /var/www/html/ -name "*.mht" -type f -delete find /var/www/html/ -name "*.mhtml" -type f -delete find /var/www/html/ -name "*.msi" -type f -delete find /var/www/html/ -name "*.pif" -type f -delete find /var/www/html/ -name "*.py" -type f -delete find /var/www/html/ -name "*.scr" -type f -delete find /var/www/html/ -name "*.vxd" -type f -delete find /var/www/html/ -name "*.rb" -type f -delete find /var/www/html/ -name "*.htc" -type f -delete ## delete flash related files ## find /var/www/html/ -name "*.fla" -type f -delete find /var/www/html/ -name "*.flv" -type f -delete find /var/www/html/ -name "*.swf" -type f -delete find /var/www/html/ -name "*.swt" -type f -delete find /var/www/html/ -name "*.swc" -type f -delete ## delete deprecated file types ## find /var/www/html/ -name "*.sem" -type f -delete ## (Alpha Five software) ## delete conflict file types ## find /var/www/html/ -name "*.conf" -type f -delete ## ss conflicts (Nginx hacks) find /var/www/html/ -name "*.config" -type f -delete ## ss conflicts (Nginx hacks) ## delete unsafe database dumps ## find /var/www/html/ -name "*.sql" -type f -delete ## unsafe dumps find /var/www/html/ -name "*.wpress" -type f -delete ## All In One Migration archives ## various delete types ## find /var/www/html/ -name ".DS_Store*" -type f -delete ## camera files? ## delete apache junk files ## find /var/www/html/ -name ".htaccess*" -type f -delete find /var/www/html/ -name "htaccess*" -type f -delete ## delete linux junk files ## # find /var/www/html/ -name ".listing*" -type f -delete ## delete php.ini hijacking ## find /var/www/html/ -name "*.ftpquota" -type f -delete find /var/www/html/ -name "*.user.ini" -type f -delete # find /var/www/html/ -name "*.ini" -type f -delete ## conflicts with certain WP plugins find /var/www/html/ -name "*.ini.php" -type f -delete sed -i '/INI_SET/d' /var/www/html/wp-config.php sed -i '/ini_set/d' /var/www/html/wp-config.php ## delete leftover plugin junk file types ## find /var/www/html/ -name "adminer*.version*" -type f -delete ## Adminer plugin config find /var/www/html/ -name "php_errorlog*" -type f -delete ## Adminer plugin config ## delete nginx junk files ## find /var/www/html/ -name "nginx.conf" -type f -delete # find /var/www/html/ -name "*.conf" -type f -delete ## delete suspicious and non-critical files ## # find /var/www/html/ -name "default_library_puvox.php" -type f -delete ## not malware (by Puvox.Software) ## BASED ON RECENT MALWARE ATTACK FINDINGS ... some plugins use the /uploads/ folder for all kinds of improper stuff, PHP should never be here ## ## .htaccess and index.php files also not needed for security reasons as SlickStack already blocks these folders from frontend indexing ## ## potential malware or improper files ## find /var/www/html/wp-content/uploads/ -name "*.php" -type f -delete # find /var/www/html/wp-content/languages/ -name "*.php" -type f -delete find /var/www/html/wp-content/temp/ -name "*.php" -type f -delete #################################################################################################### #### SS-Clean: cleanup Various Files Directly Under /var/www/html/ ################################# #################################################################################################### # rm /var/www/html/http_* ## improper wget leftovers? ## delete Nginx junk files ## rm /var/www/html/index.nginx-debian*.html* rm /var/www/html/.fw-config.php* ## vendor-specific (Flywheel) ## delete insecure database access points (Adminer accessible at example.com/adminer) ## rm /var/www/html/adminer* rm /var/www/html/*adminer*.php* rm /var/www/html/database.php* rm /var/www/html/db.php* rm /var/www/html/database rm /var/www/html/DATABASE rm /var/www/html/db rm /var/www/html/DB rm /var/www/html/phpmyadmin* rm /var/www/html/phpMyAdmin* rm /var/www/html/phpmyadmin*.php* ## no support for phpMyAdmin rm /var/www/html/phpMyAdmin*.php* ## no support for phpMyAdmin ## delete various files ## rm /var/www/html/.closte* ## vendor specific (Closte) rm /var/www/html/.maintenance* rm /var/www/html/.quarantine* rm /var/www/html/.tmb* rm /var/www/html/*_archive.zip ## leftover migration junk (Duplicator plugin) rm /var/www/html/_wpeprivate* ## vendor specific (WP Engine) rm /var/www/html/bing*.xml ## junk domain verification files rm /var/www/html/Bing*.xml ## junk domain verification files # rm /var/www/html/browserconfig.xml* rm /var/www/html/cache* ## invalid cache files rm /var/www/html/cgi-bin* ## ss conflicts rm /var/www/html/cookie.txt* ## (Netscape HTTP Cookie File) rm /var/www/html/crossdomain.xml ## https://sethsec.blogspot.com/2014/03/exploiting-misconfigured-crossdomainxml.html rm /var/www/html/dup-installer* ## unsafe archives and leftover migration junk (Duplicator plugin) rm /var/www/html/error_log* ## leftover Apache error logs rm /var/www/html/favicon.gif ## invalid favicons rm /var/www/html/GetYoastData*.php ## ## delete domain verification files (use DNS instead) ## rm /var/www/html/ahrefs* ## Ahrefs rm /var/www/html/google*.html ## junk domain verification files rm /var/www/html/google*.txt ## junk domain verification files rm /var/www/html/imagify-backup* ## junk plugin files rm /var/www/html/index.htm ## ss conflicts rm /var/www/html/index.html ## ss conflicts rm /var/www/html/i.php ## obvious phpinfo files rm /var/www/html/i.html ## obvious phpinfo files rm /var/www/html/info.php ## obvious phpinfo files rm /var/www/html/info.html ## obvious phpinfo files rm /var/www/html/installer*.php ## leftover migration junk (Duplicator plugin) rm /var/www/html/iwp-restore-log* ## improper log location # rm /var/www/html/manifest.json* rm /var/www/html/my-wp-backup* ## ss conflicts, unsafe archives rm /var/www/html/networko* ## known malware infection rm /var/www/html/nortonsw*.html ## junk domain verification files rm /var/www/html/php.php ## obvious phpinfo files rm /var/www/html/php.html ## obvious phpinfo files rm /var/www/html/phpinfo*.php ## obvious phpinfo files rm /var/www/html/phpinfo*.html ## obvious phpinfo files rm /var/www/html/php-errors.log* ## ss conflicts, duplicate logs rm /var/www/html/pinterest*.html ## junk domain verification files rm /var/www/html/ror.xml rm /var/www/html/sap-logs* ## plugin logs (AccessPress Social Auto Post) rm /var/www/html/wp-snapshots* ## ss conflicts, unsafe archives rm /var/www/html/ssv3_directory.php* ## vendor specific (Bluehost) rm /var/www/html/sucuri*.php rm /var/www/html/test.php ## obvious phpinfo files rm /var/www/html/test.html ## obvious phpinfo files rm /var/www/html/theme-option-export-file* ## local theme export archives rm /var/www/html/web.config* rm /var/www/html/wordfence-waf* ## ss conflicts, bloated, creates instability (WordFence) rm /var/www/html/yandex*.html ## junk domain verification files rm /var/www/html/wp-snapshots* ## unsafe archives (Duplicator) rm /var/www/html/wps-fbre-logs* ## unknown #################################################################################################### #### SS-Clean: Cleanup Files Under /var/www/html/wp-content/ ####################################### #################################################################################################### ## no cache folder in SlickStack ## rm /var/www/html/wp-content/cache* ## delete unsafe/unecessary debug logs ## # rm /var/www/html/wp-content/debug*.log # rm /var/www/html/wp-content/debug.log* ## cleanup various files ## rm /var/www/html/wp-content/advanced-cache.php* ## ss conflicts # rm /var/www/html/wp-content/ai1ec_static* rm /var/www/html/wp-content/ai1wm-backups* rm /var/www/html/wp-content/ari-adminer-config.php* rm /var/www/html/wp-content/autoptimize*.php ## Autoptimize rm /var/www/html/wp-content/backups-* ## XCloner etc (local archives) rm /var/www/html/wp-content/backupwordpress* ## BackupWordPress archives # rm /var/www/html/wp-content/blogs.dir ## WP Multisite rm /var/www/html/wp-content/caos_cache* # rm /var/www/html/wp-content/cookie-preferences-log* ## plugin junk files # rm /var/www/html/wp-content/cusri* rm /var/www/html/wp-content/debug.log* rm /var/www/html/wp-content/deleteme*.php ## unknown source rm /var/www/html/wp-content/easysocialsharebuttons-assets* rm /var/www/html/wp-content/et-cache* ## improper cache (Elegant Themes) rm /var/www/html/wp-content/evf-logs* ## Everest Forms junk files rm /var/www/html/wp-content/ewww* ## junk files generated by EWWW rm /var/www/html/wp-content/expdbs-migrations* ## junk files generated by Export Database (LittleBizzy) rm /var/www/html/wp-content/fvm* ## minify files rm /var/www/html/wp-content/install.php* ## plugin junk files (Jetpack) # rm /var/www/html/wp-content/ip-geo-api* ## unknown rm /var/www/html/wp-content/ithemes-security* ## ss conflicts, bloated (iThemes Security) # rm /var/www/html/wp-content/js_composer* ## plugin files (Visual Composer) rm /var/www/html/wp-content/litespeed* # rm /var/www/html/wp-content/local-fonts* rm /var/www/html/wp-content/maintenance.php* ## potential malware, unknown rm /var/www/html/wp-content/managewp* ## ss conflicts, creates instability (ManageWP) rm /var/www/html/wp-content/MCE_Styles* ## wp core hacks, bad practice (TinyMCE Custom Styles) # rm /var/www/html/wp-content/multiverso-files* rm /var/www/html/wp-content/nginx-helper* ## ss conflicts, junk logs (Nginx Helper) rm /var/www/html/wp-content/pegasaas-cache* ## improper cache, Pegasaas junk files rm /var/www/html/wp-content/pdf-light-viewer-logs* ## plugin logs (PDF viewer for WordPress by ThemeNcode) rm /var/www/html/wp-content/ptetmp* # rm /var/www/html/wp-content/reports* ## AdRotate log files # # rm /var/www/html/wp-content/revslider* ## serious errors, exploitable, better options exist (Revslider) # rm /var/www/html/wp-content/rstemp* ## unknown slider plugin rm /var/www/html/wp-content/sedlex* rm /var/www/html/wp-content/sgf-css* ## Self Hosted Google Fonts junk files rm /var/www/html/wp-content/ShortpixelBackups* ## generates junk files, resource intensive (Shortpixel) rm /var/www/html/wp-content/siteground-migrator* ## vendor specific # rm /var/www/html/wp-content/squirrly* rm /var/www/html/wp-content/sucuri* ## ss conflicts, resource intensive (Sucuri) rm /var/www/html/wp-content/sunrise.php* rm /var/www/html/wp-content/temp-write-test* ## unknown rm /var/www/html/wp-content/tg-demo-pack* ## ThemeGrill junk files rm /var/www/html/wp-content/uo-unix.log* ## unknown rm /var/www/html/wp-content/upgrade* ## WordPress Core upgrade temp files # rm /var/www/html/wp-content/useanyfont* ## creates instability, bad practice (use CSS) rm /var/www/html/wp-content/w3tc-config* # rm /var/www/html/wp-content/wc-logs* rm /var/www/html/wp-content/wcfe* ## WP Config File Editor files rm /var/www/html/wp-content/wflogs* ## WordFence junk files rm /var/www/html/wp-content/wishlist-backup* ## unsafe archives, plugin junk files (Wishlist Member) # rm /var/www/html/wp-content/woocommerce_uploads* # rm /var/www/html/wp-content/wp-bruiser* ## plugin files (WP Bruiser) rm /var/www/html/wp-content/wp-cache-config.php* ## ss conflicts rm /var/www/html/wp-content/wp-clone* ## unsafe local archives (WP Clone) rm /var/www/html/wp-content/wp-migrate-db* ## unsafe local archives (WP Migrate DB) rm /var/www/html/wp-content/wp-performance-score-booster* ## ss conflicts, bad practice, creates instability rm /var/www/html/wp-content/wp-rocket ## ss conflicts (WP Rocket) rm /var/www/html/wp-content/wp-rocket-config* ## ss conflicts (WP Rocket) rm /var/www/html/wp-content/wp-snapshots* rm /var/www/html/wp-content/wpbackitup* ## WPBackitup archives rm /var/www/html/wp-content/wof-log* ## unknown # rm /var/www/html/wp-content/wpdesk-logs* ## WP Desk various logs rm /var/www/html/wp-content/wphb-cache* ## Hummingbird files rm /var/www/html/wp-content/wphb-logs* ## Hummingbird files rm /var/www/html/wp-content/wpsl-csv-import* # rm /var/www/html/wp-content/wpallexport* # rm /var/www/html/wp-content/wpallimport* # rm /var/www/html/wp-content/wpcf7_uploads* # rm /var/www/html/wp-content/wpseo-redirects* rm /var/www/html/wp-content/wp-link-status-salt.php rm /var/www/html/wp-content/wpvividbackups* ## local archives # rm /var/www/html/wp-content/xlwuev-errors* ## improper error logs rm /var/www/html/wp-content/temp-write-test* ## unknown rm /var/www/html/wp-content/yotuwp_cache* ## improper cache rm /var/www/html/wp-content/codeguard_backups* rm /var/www/html/wp-content/envato-backups* rm /var/www/html/wp-content/managewp* rm /var/www/html/wp-content/ai1wm-backups* rm /var/www/html/wp-content/aiowps_backups* rm /var/www/html/wp-content/esf-cache* ## improper cache folder rm /var/www/html/wp-content/backup/ rm /var/www/html/wp-content/backup-* rm /var/www/html/wp-content/backups rm /var/www/html/wp-content/updraft* ## unsafe archives # rm /var/www/html/wp-content/wishlist-rollback* ## Wishlist Member junk files rm /var/www/html/wp-content/wpclone-temp* rm /var/www/html/wp-content/wptelegram*.log* ## junk files (By WP Telegram / Manzoor Wani) rm /var/www/html/wp-content/codeguard_backups* rm /var/www/html/wp-content/Dropbox_Backup* rm /var/www/html/wp-content/bps-backup* rm /var/www/html/wp-content/backups-dup-pro* rm /var/www/html/wp-content/sedlex* ## backup scheduler files rm /var/www/html/wp-content/uploads-webpc* ## creates instability, hijacks WP Core,bad practice (By webp-converter-for-media) rm /var/www/html/wp-content/wpo-cache* ## ss conflicts (WP-Optimize) rm /var/www/html/wp-content/siteground-migrator.log* ## vendor-specific #################################################################################################### #### cleanup /var/www/html/wp-content/mu-plugins/ ################################################## #################################################################################################### rm /var/www/html/wp-content/mu-plugins/0-worker* ## creates instability, resource intensive (ManageWP) rm /var/www/html/wp-content/mu-plugins/et-safe-mode* ## Elegant Themes rm /var/www/html/wp-content/mu-plugins/mainwp-child* ## creates instability, resource intensive (MainWP) rm /var/www/html/wp-content/mu-plugins/SupportCenterMUAutoloader.php* ## Elegant Themes #################################################################################################### #### cleanup /var/www/html/wp-content/plugins/ ##################################################### #################################################################################################### ## even if you disable the Plugin Blacklist certain problematic plugins are still deleted ## ## this is to ensure stability of SlickStack and to establish some best practices ## ## cleanup file types ## find /var/www/html/wp-content/plugins/ -name "*.gz" -type f -delete find /var/www/html/wp-content/plugins/ -name "*.tar" -type f -delete find /var/www/html/wp-content/plugins/ -name "*.zip" -type f -delete ## DELETE VARIOUS CONFLICTING PLUGINS ## ## delete junk WP Core plugins ## rm /var/www/html/wp-content/plugins/hello.php* ## pointless ## delete Apache/LiteSpeed plugins ## rm /var/www/html/wp-content/plugins/askapache-debug-viewer* ## ss conflicts rm /var/www/html/wp-content/plugins/htaccess* ## ss conflicts (apache) rm /var/www/html/wp-content/plugins/htaccess-login-block* ## ss conflicts (apache) rm /var/www/html/wp-content/plugins/htaccess-site-access-control* ## ss conflicts (apache) rm /var/www/html/wp-content/plugins/litespeed-cache* ## ss conflicts ## delete backup plugins ## rm /var/www/html/wp-content/plugins/backup ## unsafe archives, resource intensive rm /var/www/html/wp-content/plugins/backup-scheduler* ## unsafe archives, resource intensive rm /var/www/html/wp-content/plugins/backwpup* ## ss conflicts, resource intensive, unsafe archives rm /var/www/html/wp-content/plugins/my-wp-backup* ## by MyThemeShop rm /var/www/html/wp-content/plugins/my-wp-backup-pro-master* ## by MyThemeShop ## delete cache plugins ## rm /var/www/html/wp-content/plugins/autoptimize* ## ss conflicts ## delete cryptocurrency miners ## rm /var/www/html/wp-content/plugins/bitcoin-plus-miner* ## cryptomining rm /var/www/html/wp-content/plugins/jsecoin* ## cryptomining ## delete security / anti-brute force plugins ## rm /var/www/html/wp-content/plugins/all-in-one-wp-security-and-firewall* rm /var/www/html/wp-content/plugins/bad-behavior* ## ss conflicts, bloated rm /var/www/html/wp-content/plugins/better-wp-security* ## ss conflicts, bloated rm /var/www/html/wp-content/plugins/hide_my_wp* ## ss conflicts, breaks firewalls rm /var/www/html/wp-content/plugins/login-lockdown* ## excessive logging ## delete vendor-specific plugins ## rm /var/www/html/wp-content/plugins/dreamhost-panel-login* ## vendor-specific rm /var/www/html/wp-content/plugins/dreamobjects* ## vendor-specific ## delete exploitable plugins ## rm /var/www/html/wp-content/plugins/fast-user-switching* ## not maintained, exploitable (By Tikweb) ## delete plugins for various reasons (replace this with categories for better understanding) ## rm /var/www/html/wp-content/plugins/404s/ ## excessive logging rm /var/www/html/wp-content/plugins/404-error-monitor* ## excessive logging, not maintained rm /var/www/html/wp-content/plugins/404-notifier* ## excessive logging, not maintained rm /var/www/html/wp-content/plugins/404-redirection-manager* ## excessive logging, serious errors, not maintained rm /var/www/html/wp-content/plugins/404-to-301* ## excessive logging rm /var/www/html/wp-content/plugins/add-category-to-pages* ## serious conflicts, bad practice rm /var/www/html/wp-content/plugins/add-index-to-autoload* ## ss conflicts, feature exists in WP Core 5.3+ rm /var/www/html/wp-content/plugins/admin-menu-editor* ## creates instability rm /var/www/html/wp-content/plugins/adminer* ## serious errors, creates instability rm /var/www/html/wp-content/plugins/ajax-load-more* ## resource intensive (by Darren Cooney) rm /var/www/html/wp-content/plugins/ajax-thumbnail-rebuild* ## database thrashing rm /var/www/html/wp-content/plugins/akeebabackupwp* ## unsafe local backups (stored in this dir) # rm /var/www/html/wp-content/plugins/all-in-one-wp-migration* ## temporary delete old versions (XSS exploit) rm /var/www/html/wp-content/plugins/allow-php-in-posts-and-pages* ## php hacks rm /var/www/html/wp-content/plugins/apikey ## malware # rm /var/www/html/wp-content/plugins/ari-adminer* ## better to delete manually to remove database data rm /var/www/html/wp-content/plugins/autologin-links* ## exploitable rm /var/www/html/wp-content/plugins/blogvault* ## ss conflicts, resource intensive rm /var/www/html/wp-content/plugins/BoosterPage ## deprecated, exploitable (Smart Marketer) rm /var/www/html/wp-content/plugins/broken-link-checker* ## resource intensive, not maintained rm /var/www/html/wp-content/plugins/browser-caching-with-htaccess* ## ss conflicts (apache) rm /var/www/html/wp-content/plugins/bugherd* ## ss conflicts rm /var/www/html/wp-content/plugins/captcha ## deprecated rm /var/www/html/wp-content/plugins/change-wp-admin-login* ## ss conflicts (By Nuno Morais Sarmento) rm /var/www/html/wp-content/plugins/classic-editor* ## ss conflicts rm /var/www/html/wp-content/plugins/clearfy* ## ss conflicts, bloated (Clearfy) rm /var/www/html/wp-content/plugins/codeguard* ## ss conflicts rm /var/www/html/wp-content/plugins/contextual-related-posts* ## resource intensive rm /var/www/html/wp-content/plugins/creative-clans-embed-script* ## better options exist, not maintained (By Guido Tonnaer) rm /var/www/html/wp-content/plugins/custom-sidebars* ## exploitable, errors/conflicts, resource intensive, bad practice (WPMU Dev) rm /var/www/html/wp-content/plugins/disable-rss ## deprecated rm /var/www/html/wp-content/plugins/display-widgets ## malware/spyware rm /var/www/html/wp-content/plugins/divi-booster* ## serious errors, creates instability rm /var/www/html/wp-content/plugins/duplicate-page* ## exploitable, ss conflicts (Gutenberg), better options exist rm /var/www/html/wp-content/plugins/duplicator* ## ss conflicts, resource intensive, unsafe local archives rm /var/www/html/wp-content/plugins/dynamic-related-posts* # rm /var/www/html/wp-content/plugins/easy-contact-forms* rm /var/www/html/wp-content/plugins/easy-wp-smtp* ## blacklist risk (smtp) rm /var/www/html/wp-content/plugins/envato-wordpress-toolkit* ## deprecated rm /var/www/html/wp-content/plugins/error_log* ## improper error log rm /var/www/html/wp-content/plugins/ewww-image-optimizer* ## generates junk files, resource intensive # rm /var/www/html/wp-content/plugins/ewww-image-optimizer-cloud rm /var/www/html/wp-content/plugins/extend-bundle-widgets* ## not maintained, no public docs, possibly exploitable rm /var/www/html/wp-content/plugins/fancy-box ## not maintained rm /var/www/html/wp-content/plugins/fb-instant-articles ## not maintained, serious errors (by Automattic) rm /var/www/html/wp-content/plugins/fb-messenger ## deprecated rm /var/www/html/wp-content/plugins/file-away* ## creates instability, not maintained rm /var/www/html/wp-content/plugins/flexi-quote-rotator* ## not maintained, serious errors rm /var/www/html/wp-content/plugins/folders ## creates instability rm /var/www/html/wp-content/plugins/fuzzy-seo-booster* ## database thrashing # rm /var/www/html/wp-content/plugins/geotargeting-pro* ## potential resource intensive rm /var/www/html/wp-content/plugins/godaddy-email-marketing-sign-up-forms* ## vendor specific (godaddy) rm /var/www/html/wp-content/plugins/google-analyticator* ## history of poor code, poor maintenance, better options exist (By SumoMe) rm /var/www/html/wp-content/plugins/google-analytics-for-wordpress* ## bloated, spammy, spyware rm /var/www/html/wp-content/plugins/google-analytics-dashboard-for-wp* ## spammy, bloated, creates instability rm /var/www/html/wp-content/plugins/googleanalytics ## malware/spyware rm /var/www/html/wp-content/plugins/heartbeat-control* ## ss conflicts rm /var/www/html/wp-content/plugins/hummingbird-performance* ## ss conflicts rm /var/www/html/wp-content/plugins/hyperdb* ## ss conflicts, not maintained rm /var/www/html/wp-content/plugins/increase-upload-file-size-maximum-execution-time-limit* ## ss conflicts rm /var/www/html/wp-content/plugins/integrate-monero-miner* ## cryptomining rm /var/www/html/wp-content/plugins/intuitive-custom-post-order* ## resource intensive, creates instability rm /var/www/html/wp-content/plugins/ithemes-sync* ## ss conflicts rm /var/www/html/wp-content/plugins/iwp-client* rm /var/www/html/wp-content/plugins/jetpack* ## bloated, ss conflicts rm /var/www/html/wp-content/plugins/jm-live-blog* ## serious errors, database thrashing, not maintained rm /var/www/html/wp-content/plugins/jonradio-multiple-themes* ## creates instability # rm /var/www/html/wp-content/plugins/js_composer_theme ## modified (nulled?) version of WP Bakery rm /var/www/html/wp-content/plugins/last-modified-timestamp* ## ss conflicts # rm /var/www/html/wp-content/plugins/leadpages ## potential creates instability rm /var/www/html/wp-content/plugins/linkman* ## deprecated, database thrashing rm /var/www/html/wp-content/plugins/mailchimp rm /var/www/html/wp-content/plugins/mailchimp-forms-by-mailmunch* ## malware/spyware rm /var/www/html/wp-content/plugins/maintenance-mode ## ss conflicts rm /var/www/html/wp-content/plugins/maintenance-mode-litlebizzy* ## ss conflicts rm /var/www/html/wp-content/plugins/mainwp* ## ss conflicts, creates instability (MainWP) rm /var/www/html/wp-content/plugins/mainwp-child* ## ss conflicts, creates instability (MainWP) rm /var/www/html/wp-content/plugins/manual-image-crop* rm /var/www/html/wp-content/plugins/miwoftp* ## exploitable, not maintained rm /var/www/html/wp-content/plugins/mobius-conversion-tracker* ## deprecated (by Mobius Media) rm /var/www/html/wp-content/plugins/my-custom-css ## serious errors, poor coding (by Esther Tyler) rm /var/www/html/wp-content/plugins/myrp* ## database thrashing rm /var/www/html/wp-content/plugins/mythemeshop-connect* ## ransomware (by MyThemeShop) rm /var/www/html/wp-content/plugins/nofollow/ ## serious errors, pointless rm /var/www/html/wp-content/plugins/onlywire-bookmark-share-button* rm /var/www/html/wp-content/plugins/optimizemember* ## requires OptimizePress (banned) rm /var/www/html/wp-content/plugins/optimizeMember* ## requires OptimizePress (banned) rm /var/www/html/wp-content/plugins/optimizePress* ## serious errors, potential data loss, creates instability rm /var/www/html/wp-content/plugins/optimizePressPlugin* ## serious errors, potential data loss, creates instability rm /var/www/html/wp-content/plugins/optimizepress* ## serious errors, potential data loss, creates instability # rm /var/www/html/wp-content/plugins/optimus rm /var/www/html/wp-content/plugins/outtatimr* ## deprecated (by DigitalMarketer) rm /var/www/html/wp-content/plugins/p3-profiler* ## serious errors, not maintained rm /var/www/html/wp-content/plugins/page-links-to* ## not maintained, poorly coded, bad practice (redirects should not conflict with permalinks) rm /var/www/html/wp-content/plugins/pc-google-analytics* ## deprecated rm /var/www/html/wp-content/plugins/perfmatters* ## ss conflicts, bloated, stolen code (Perfmatters) rm /var/www/html/wp-content/plugins/periods-in-titles* ## bad for seo # rm /var/www/html/wp-content/plugins/photomix* ## resource intensive rm /var/www/html/wp-content/plugins/php-settings* ## php hacks rm /var/www/html/wp-content/plugins/post-types-order* ## creates instability, potential data loss # rm /var/www/html/wp-content/plugins/postman-smtp ## not maintained, blacklist risk (smtp) rm /var/www/html/wp-content/plugins/pp_default_lib.php ## wordpresss junk files rm /var/www/html/wp-content/plugins/protect-wp-admin* ## ss conflicts, breaks firewalls # rm /var/www/html/wp-content/plugins/pt-instant* rm /var/www/html/wp-content/plugins/pushlive* ## not maintained (by 1 Squared, Jamin Szczesny) rm /var/www/html/wp-content/plugins/qtranslate-x* ## deprecated, serious errors rm /var/www/html/wp-content/plugins/quick-pagepost-redirect-plugin* ## not maintained, bizarre code, bad practice rm /var/www/html/wp-content/plugins/redirection/ ## excessive logging, better options exist ## DO NOT WILDCARD rm /var/www/html/wp-content/plugins/redis-cache* ## ss conflicts rm /var/www/html/wp-content/plugins/redis-object-cache* ## ss conflicts # rm /var/www/html/wp-content/plugins/related-posts-by-zemanta* ## resource intensive rm /var/www/html/wp-content/plugins/rest-api/ ## not maintained, exists in wp core (Rest API) # rm /var/www/html/wp-content/plugins/sendgrid-email-delivery-simplified* rm /var/www/html/wp-content/plugins/SenestreGDPR* ## better options exist, no public changelog rm /var/www/html/wp-content/plugins/seo-alrp* ## database thrashing # rm /var/www/html/wp-content/plugins/seo-optimized-images rm /var/www/html/wp-content/plugins/sg-cachepress* ## vendor specific rm /var/www/html/wp-content/plugins/shopbop-widget* ## database thrashing rm /var/www/html/wp-content/plugins/shortpixel* ## generates junk files, resource intensive rm /var/www/html/wp-content/plugins/shortpixel-image-optimiser* ## generates junk files, resource intensive rm /var/www/html/wp-content/plugins/shipper ## vendor specific, requires dependencies, spamware (by WPMU Dev) rm /var/www/html/wp-content/plugins/similar-posts* ## database thrashing rm /var/www/html/wp-content/plugins/simple-monero-miner-coin-hive* ## cryptomining rm /var/www/html/wp-content/plugins/simple-share-buttons-adder* ## serious errors rm /var/www/html/wp-content/plugins/simple-wistia-embed* ## exists in wp core rm /var/www/html/wp-content/plugins/sitespeed* ## malware (as per Sucuri report) rm /var/www/html/wp-content/plugins/sitewide-message/ ## abandoned rm /var/www/html/wp-content/plugins/snapshot ## unsafe local archives (by WPMU Dev) rm /var/www/html/wp-content/uploads/sucuri* ## ss conflicts, bloated rm /var/www/html/wp-content/plugins/sucuri-scanner* ## ss conflicts, bloated rm /var/www/html/wp-content/plugins/sumome* ## very poor performance, serious errors, history of poor maintenance rm /var/www/html/wp-content/plugins/sweetcaptcha* ## malware/spyware rm /var/www/html/wp-content/plugins/sweetcaptcha-revolutionary-free-captcha-service* ## malware/spyware rm /var/www/html/wp-content/plugins/tfm-google-product-feed* ## abandoned, serious errors rm /var/www/html/wp-content/plugins/timthumb* ## exploitable, deprecated rm /var/www/html/wp-content/plugins/total-donations* ## exploitable, not maintained rm /var/www/html/wp-content/plugins/totaldonations* ## exploitable, not maintained rm /var/www/html/wp-content/plugins/tweet-blender* ## database thrashing rm /var/www/html/wp-content/plugins/tweetable/ ## not maintained, serious errors rm /var/www/html/wp-content/plugins/twitter ## deprecated rm /var/www/html/wp-content/plugins/updraft ## ss conflicts, unsafe archives, resource intensive rm /var/www/html/wp-content/plugins/updraftplus ## ss conflicts, unsafe archives, resource intensive rm /var/www/html/wp-content/plugins/upload-max-file-size* ## ss conflicts, php hacks rm /var/www/html/wp-content/plugins/uploadify* rm /var/www/html/wp-content/plugins/use-any-font* ## bad practice, creates instability rm /var/www/html/wp-content/plugins/w3-total-cache* ## ss conflicts, bloated rm /var/www/html/wp-content/plugins/way2enjoy-compress-images* rm /var/www/html/wp-content/plugins/weather-for-us-widget* ## cryptomining rm /var/www/html/wp-content/plugins/wistia-responsive* ## exists in wp core rm /var/www/html/wp-content/plugins/wp-404-auto-redirect-to-similar-post* ## bad practice, creates instability (By hwk-fr) rm /var/www/html/wp-content/plugins/wp-htaccess-control* ## ss conflicts (apache) rm /var/www/html/wp-content/plugins/wordpress-firewall-2* ## ss conflicts, creates instability rm /var/www/html/wp-content/plugins/woocommerce-jquery-cookie-fix* rm /var/www/html/wp-content/plugins/woocommerce-services* ## ss conflicts, bloatware, spamware rm /var/www/html/wp-content/plugins/woocommerce-zoomifier* ## deprecated, serious errors, js conflicts, better options exist rm /var/www/html/wp-content/plugins/woodojo* ## deprecated rm /var/www/html/wp-content/plugins/woosidebars-sbm-converter* ## deprecated rm /var/www/html/wp-content/plugins/woothemes-updater* ## deprecated rm /var/www/html/wp-content/plugins/wordfence* ## ss conflicts, bloated rm /var/www/html/wp-content/plugins/wordpress-popular-posts* ## excessive logging, resource intensive rm /var/www/html/wp-content/plugins/worker ## ss conflicts, creates instability (ManageWP) rm /var/www/html/wp-content/plugins/wc-cancel-order ## creates instability rm /var/www/html/wp-content/plugins/wc-password-strength-settings* ## exploitable, bad practice rm /var/www/html/wp-content/plugins/wp-advanced-importer* ## not maintained, serious errors rm /var/www/html/wp-content/plugins/wp-author-date-and-meta-remover* ## not maintained, serious errors rm /var/www/html/wp-content/plugins/wp-coinhive ## cryptomining rm /var/www/html/wp-content/plugins/wp-database-backup* ## unsafe archives, resource intensive rm /var/www/html/wp-content/plugins/wp-db-backup* ## unsafe archives, resource intensive rm /var/www/html/wp-content/plugins/wp-editor* ## exists in wp core (syntax editor) rm /var/www/html/wp-content/plugins/wp-fastest-cache* ## ss conflicts rm /var/www/html/wp-content/plugins/wp-force-ssl* ## ss conflicts rm /var/www/html/wp-content/plugins/wp-instagram-widget* ## deprecated (By scottsweb) rm /var/www/html/wp-content/plugins/wp-maximum-execution-time-exceeded* ## ss conflicts rm /var/www/html/wp-content/plugins/wp-monero-miner-using-coin-hive* ## cryptomining rm /var/www/html/wp-content/plugins/wp-no-category-base* ## not maintained, better options exist rm /var/www/html/wp-content/plugins/wp-optimize* ## ss conflicts rm /var/www/html/wp-content/plugins/wp-performance ## ss conflicts (By alaca) rm /var/www/html/wp-content/plugins/wp-performance-score-booster* ## ss conflicts, bad practice rm /var/www/html/wp-content/plugins/wp-phpmyadmin-extension* ## ss conflicts, creates instability, exploitable rm /var/www/html/wp-content/plugins/wp-postviews* ## database thrashing rm /var/www/html/wp-content/plugins/wp-redis* ## ss conflicts rm /var/www/html/wp-content/plugins/wp-rocket* ## ss conflicts, bloated (WP Rocket) rm /var/www/html/wp-content/plugins/wp-rocket-static-exclude-defer-js* ## ss conflicts rm /var/www/html/wp-content/plugins/wp-security* ## malware (reported by Sucuri) rm /var/www/html/wp-content/plugins/wp-site-migrate* ## vendor specific (WP Engine) rm /var/www/html/wp-content/plugins/wp-smush-pro* ## resource intensive, creates instability, vendor specific (WPMUDev) rm /var/www/html/wp-content/plugins/wp-smushit* ## resource intensive rm /var/www/html/wp-content/plugins/wp-speedup* ## ss conflicts rm /var/www/html/wp-content/plugins/wp-super-cache* ## ss conflicts rm /var/www/html/wp-content/plugins/wpengine-geoip* ## vendor specific (WP Engine) rm /var/www/html/wp-content/plugins/wp-vi-duplicate-posts* rm /var/www/html/wp-content/plugins/wp_mainlog2* ## unknown rm /var/www/html/wp-content/plugins/wpe-advanced-cache-options* ## vendor specific rm /var/www/html/wp-content/plugins/wpframework* ## malware (reported by Sucuri) rm /var/www/html/wp-content/plugins/wpide ## exists in wp core (syntax editor) rm /var/www/html/wp-content/plugins/wpmudev-updates* ## ss conflicts, vendor specific (WPMUDev Dashboard) rm /var/www/html/wp-content/plugins/wpremote* rm /var/www/html/wp-content/plugins/wps-hide-login* ## ss conflicts # rm /var/www/html/wp-content/plugins/woocommerce-digital-download-free-shipping* rm /var/www/html/wp-content/plugins/yet-another-related-posts-plugin* rm /var/www/html/wp-content/plugins/yith-woocommerce-wishlist* ## exploitable, poor code, resource intensive, better options exist rm /var/www/html/wp-content/plugins/yoast-seo-search-index-purge* ## ss conflicts, serious errors rm /var/www/html/wp-content/plugins/yuzo-related-post* ## deprecated, exploitable #################################################################################################### #### cleanup /var/www/html/wp-content/themes/ ###################################################### #################################################################################################### ## cleanup file types ## find /var/www/html/wp-content/themes/ -name "*.gz" -type f -delete find /var/www/html/wp-content/themes/ -name "*.tar" -type f -delete find /var/www/html/wp-content/themes/ -name "*.zip" -type f -delete #################################################################################################### #### cleanup /var/www/wp-content/uploads/ ########################################################## #################################################################################################### rm /var/www/html/wp-content/uploads/.shortpixel* ## junk files (Shortpixel) # rm /var/www/html/wp-content/uploads/affwp-debug.log* ## improper debug logs (AffiliateWP) # rm /var/www/html/wp-content/uploads/ai1ec_static* rm /var/www/html/wp-content/uploads/analytify-logs* rm /var/www/html/wp-content/uploads/*edd-debug.log rm /var/www/html/wp-content/uploads/backup* ## unsafe archives rm /var/www/html/wp-content/uploads/backup-guard* ## unsafe archives rm /var/www/html/wp-content/uploads/backupbuddy_backups* ## unsafe archives rm /var/www/html/wp-content/uploads/backwpup* ## unsafe archives (BackWPUp) # rm /var/www/html/wp-content/uploads/bfi_thumb* ## (elementor? various themes too) rm /var/www/html/wp-content/uploads/cache* ## improper cache # rm /var/www/html/wp-content/uploads/ced_umb_logs ## unknown rm /var/www/html/wp-content/uploads/certifications* rm /var/www/html/wp-content/uploads/csv_exports* ## unsafe local archives (WooCommerce Product CSV Import Suite) # rm /var/www/html/wp-content/uploads/custom-css-js* ## bad practice, creates instability, hostage-ware (Simple Custom CSS & JS) rm /var/www/html/wp-content/uploads/db-backup* rm /var/www/html/wp-content/uploads/divi-contact-extended-temp* rm /var/www/html/wp-content/uploads/dynamic-style-* ## unknown CSS minify plugin? rm /var/www/html/wp-content/uploads/edd/jilt*.log rm /var/www/html/wp-content/uploads/elm-email-errors.lock* ## unknown rm /var/www/html/wp-content/uploads/et_temp* ## improper temp folders (Elegant Themes) rm /var/www/html/wp-content/uploads/expdbs-migrations* # rm /var/www/html/wp-content/uploads/fbrfg* ## unknown rm /var/www/html/wp-content/uploads/file-manager* ## plugin junk files/logs # rm /var/www/html/wp-content/uploads/fileaway-custom-css* # rm /var/www/html/wp-content/uploads/flags* ## unknown (maybe WPML) rm /var/www/html/wp-content/uploads/freshizer* # rm /var/www/html/wp-content/uploads/fusion_slider_exports* ## plugin junk files (Fusion Slider) # rm /var/www/html/wp-content/uploads/GeoIP.dat* ## ss conflicts # rm /var/www/html/wp-content/uploads/GeoIPv6.dat* ## ss conflicts # rm /var/www/html/wp-content/uploads/GeoLite*mmdb # rm /var/www/html/wp-content/uploads/GeoLite2-Country.mmdb* ## ss conflicts rm /var/www/html/wp-content/uploads/gppro* ## files from disallowed plugin (Genesis Design Palette Pro – Export CSS) rm /var/www/html/wp-content/uploads/hummingbird-assets* ## ss conflicts (WPMU Hummingbird) rm /var/www/html/wp-content/uploads/intense-cache* ## unknown rm /var/www/html/wp-content/uploads/ithemes-security* ## junk files (iThemes Security) rm /var/www/html/wp-content/uploads/latest-export* rm /var/www/html/wp-content/uploads/mainwp* ## junk files (MainWP) rm /var/www/html/wp-content/uploads/mc4wp-debug-log.php* rm /var/www/html/wp-content/uploads/my-php.log* ## improper error log, exploitable (unknown source) # rm /var/www/html/wp-content/uploads/my_custom_css* rm /var/www/html/wp-content/uploads/nginx-helper* rm /var/www/html/wp-content/uploads/pb_backupbuddy* ## unsafe local archives rm /var/www/html/wp-content/uploads/premise* # rm /var/www/html/wp-content/uploads/resized ## unsure (slider plugin) rm /var/www/html/wp-content/uploads/rstemp* ## improper temp directory rm /var/www/html/wp-content/uploads/sacache* ## unknown rm /var/www/html/wp-content/uploads/ShortpixelBackups* ## junk files (Shortpixel) rm /var/www/html/wp-content/uploads/siteground-optimizer-assets* # rm /var/www/html/wp-content/uploads/siteorigin-widgets* ## possibly no longer used # rm /var/www/html/wp-content/uploads/smile_fonts* ## unsure rm /var/www/html/wp-content/uploads/smush*.log ## junk files (WP Smush) rm /var/www/html/wp-content/uploads/taxjar*.csv* ## unsafe archives (TaxJar) rm /var/www/html/wp-content/uploads/tCapsule* ## unsafe archives (WP Time Capsule) # rm /var/www/html/wp-content/uploads/tcb_content_templates* ## (Thrive junk) # rm /var/www/html/wp-content/uploads/tcb_lp_templates* ## (Thrive junk) rm /var/www/html/wp-content/uploads/thrive-ab-page-testing* ## (Thrive junk) rm /var/www/html/wp-content/uploads/thrive-quiz-builder* ## (Thrive junk) # rm /var/www/html/wp-content/uploads/thrive-visual-editor* ## (Thrive junk) # rm /var/www/html/wp-content/uploads/tve-ff-* (Thrive junk) rm /var/www/html/wp-content/uploads/tve_leads_templates* ## (Thrive Leads) # rm /var/www/html/wp-content/uploads/us-assets* ## unsure # rm /var/www/html/wp-content/uploads/useanyfont* ## creates instability, bad practice (Use Any Font) rm /var/www/html/wp-content/uploads/vipercache* ## improper cache, ss conflicts rm /var/www/html/wp-content/uploads/webp-express-test-conversion*.webp # rm /var/www/html/wp-content/uploads/wordpress-popular-posts* files from disallowed plugin rm /var/www/html/wp-content/uploads/wp-clone* ## unsafe archives (WP Clone) rm /var/www/html/wp-content/uploads/wp-defender* ## ss conflicts (WP Defender) rm /var/www/html/wp-content/uploads/wp-file-manager-pro* ## junk files (WP File Manager Pro) rm /var/www/html/wp-content/uploads/wp-migrate-db* ## junk files (WP Migrate DB) # rm /var/www/html/wp-content/uploads/wp-staging* # rm /var/www/html/wp-content/uploads/wp-staging/logs* # rm /var/www/html/wp-content/uploads/wp-static-html* rm /var/www/html/wp-content/uploads/wp-statistics* ## junk files (WP Statistics) rm /var/www/html/wp-content/uploads/wp-sync-db* ## local archives # rm /var/www/html/wp-content/uploads/wp-ultimate-csv-importer.log* ## log files (WP Ultimate CSV Importer) rm /var/www/html/wp-content/uploads/wp_edit_pro* ## WP Edit Pro files (disallowed plugin) # rm /var/www/html/wp-content/uploads/*wpsp-rate-limiting.log* ## WP Simple Pay # rm /var/www/html/wp-content/uploads/wpallimport* # rm /var/www/html/wp-content/uploads/wpallimport_history* # rm /var/www/html/wp-content/uploads/wpallimport_logs* rm /var/www/html/wp-content/uploads/wpallimport/temp/* ## WP All Import temp files # rm /var/www/html/wp-content/uploads/wpallimport/uploads/* ## WP All Import uploads rm /var/www/html/wp-content/uploads/wpfc-backup* ## local archives rm /var/www/html/wp-content/uploads/wplr-tmp* # rm /var/www/html/wp-content/uploads/wpseo-redirects* ## bad practice (automatic 301s) Yoast Premium rm /var/www/html/wp-content/uploads/wtfdivi* ## Divi Booster files, bad practice rm /var/www/html/wp-content/uploads/wwlc-temp* ## improper temp folder # rm /var/www/html/wp-content/uploads/yikes-log* ## log files (Yikes Easy Mailchimp) rm /var/www/html/wp-content/uploads/sucuri* rm /var/www/html/wp-content/uploads/pb_backupbuddy* rm /var/www/html/wp-content/uploads/snapshots* rm /var/www/html/wp-content/uploads/fw-backup* # rm /var/www/html/wp-content/uploads/ithemes-security* rm /var/www/html/wp-content/uploads/cache* ## improper cache path #################################################################################################### #### SS-Clean: Purge Cache (PHP OPcache) ########################################################### #################################################################################################### ## run ss-purge-opcache ## source /var/www/ss-purge-opcache #################################################################################################### #### SS-Clean: Touch Timestamp File (End Script) ################################################### #################################################################################################### ## this is a dummy timestamp file that will remember the last time this script was run ## ## it can be useful for developer reference and is sometimes used by SlickStack ## ## script timestamp ## touch /var/www/meta/.timestamp-ss-clean-files #################################################################################################### #### SlickStack: External References Used To Improve This Script (Thanks, Interwebz) ############### #################################################################################################### ## Ref: https://www.techrepublic.com/article/how-to-effectively-clear-your-bash-history/ ## Ref: https://askubuntu.com/questions/447295/where-is-the-bash-history-for-the-root-user-saved ## Ref: https://stackoverflow.com/questions/13148438/how-to-view-the-bash-history-for-root ## Ref: https://stackoverflow.com/questions/1182756/remove-line-of-text-from-multiple-files-in-linux ## Ref: https://unix.stackexchange.com/questions/17520/deleting-lines-containing-a-specified-string-in-different-files ## Ref: https://superuser.com/questions/428493/how-can-i-do-a-recursive-find-and-replace-from-the-command-line ## Ref: https://unix.stackexchange.com/questions/324118/replace-string-in-multiple-files-using-find-and-sed ## Ref: https://unix.stackexchange.com/questions/474505/how-to-use-sed-on-all-matching-files ## Ref: https://wordpress.org/plugins/old-core-files/ ## Ref: https://dba.stackexchange.com/questions/56804/mysql-how-to-drop-all-tables-starting-with-a-prefix/56806 ## Ref: https://azimyasin.wordpress.com/2007/08/11/mysql-dropping-multiple-tables/ ## Ref: https://stackoverflow.com/questions/19283740/save-mysql-query-results-into-a-text-file ## Ref: https://stackoverflow.com/questions/21253704/how-to-save-mysql-query-output-to-excel-or-txt-file ## Ref: https://stackoverflow.com/questions/5410757/how-to-delete-from-a-text-file-all-lines-that-contain-a-specific-string ## Ref: https://blog.sqlauthority.com/2018/10/23/sql-server-how-to-drop-multiple-tables-using-single-drop-statement/ ## Ref: https://stackoverflow.com/questions/11245144/replace-whole-line-containing-a-string-using-sed ## Ref: https://stackoverflow.com/questions/3657860/bash-append-text-to-last-line-of-file ## Ref: https://stackoverflow.com/questions/35021524/how-can-i-add-a-comma-at-the-end-of-every-line-except-the-last-line/35021663 ## Ref: https://stackoverflow.com/questions/17075837/append-space-and-character-to-each-line-except-the-last ## Ref: https://stackoverflow.com/questions/49169243/add-comma-at-end-of-all-lines-except-1-2-3-and-last-line ## Ref: https://stackoverflow.com/questions/17666249/how-do-i-import-an-sql-file-using-the-command-line-in-mysql/56250785 ## Ref: https://www.unix.com/unix-for-dummies-questions-and-answers/69518-removing-semicolon-using-sed-aix-urgent.html ## Ref: https://stackoverflow.com/questions/5833086/shell-script-variable-replacing-characters ## Ref: https://unix.stackexchange.com/questions/162221/shortest-way-to-replace-characters-in-a-variable ## Ref: https://stackoverflow.com/questions/6744006/can-i-use-sed-to-manipulate-a-variable-in-bash ## Ref: https://silicondales.com/tutorials/wordpress/convert-wordpress-mysql-database-tables-myisam-innodb-better-scale/ ## Ref: https://stackoverflow.com/questions/4107599/show-a-tables-fulltext-indexed-columns ## Ref: https://stackoverflow.com/questions/4898653/mysql-to-find-all-tables-with-a-full-text-indexed-column-in-them ## Ref: https://stackoverflow.com/questions/1718126/show-tables-by-engine-in-mysql ## Ref: http://redino.net/blog/2016/12/mysql-find-myisam-tables/ ## Ref: https://stackoverflow.com/questions/16711598/get-the-sql-query-result-without-the-table-format ## Ref: https://dev.mysql.com/doc/refman/8.0/en/option-modifiers.html ## Ref: https://alvinalexander.com/mysql/how-to-list-mysql-table-column-field-names-without-table-formatting-headers/ ## Ref: https://dev.mysql.com/doc/refman/8.0/en/mysql-command-options.html ## Ref: https://www.streetdirectory.com/travel_guide/122595/world_wide_web/root_home_directory_of_linux_.html ## Ref: https://unix.stackexchange.com/questions/447360/delete-only-files-older-than-7-days-mtime-and-find ## SS_EOF