{"id":3391,"date":"2026-02-16T23:20:37","date_gmt":"2026-02-17T02:20:37","guid":{"rendered":"https:\/\/helpsysadmin.com.br\/blog\/?p=3391"},"modified":"2026-04-20T14:56:39","modified_gmt":"2026-04-20T17:56:39","slug":"limpar-wordpress-infectado-guia-ssh","status":"publish","type":"post","link":"https:\/\/helpsysadmin.com.br\/blog\/limpar-wordpress-infectado-guia-ssh\/","title":{"rendered":"Como Limpar WordPress Infectado: Guia de Recupera\u00e7\u00e3o via SSH"},"content":{"rendered":"<div id=\"helps-2745325835\" class=\"helps-before-content-2 helps-entity-placement\"><script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3661896953164277\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<!-- 2anuncios display quadrado -->\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-client=\"ca-pub-3661896953164277\"\r\n     data-ad-slot=\"5051229894\"\r\n     data-ad-format=\"auto\"\r\n     data-full-width-responsive=\"true\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script><\/div>\n<h2 class=\"wp-block-heading\" id=\"h-guia-de-recuperacao-de-desastre-drp-wordpress-infectado\">Guia de Recupera\u00e7\u00e3o de Desastre (DRP): WordPress Infectado<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Limpar wordpress infectado. <strong>Premissa:<\/strong> Assuma que qualquer arquivo <code>.php<\/code> pode conter c\u00f3digo malicioso e que o banco de dados pode ter usu\u00e1rios administradores fantasmas.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-fase-1-estancar-o-sangramento-containment\">Fase 1: Estancar o Sangramento (Containment)<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Antes de limpar, voc\u00ea precisa impedir que o atacante continue acessando ou que o malware se espalhe (spam\/phishing).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Suspenda o acesso web (Manuten\u00e7\u00e3o for\u00e7ada):<\/strong> N\u00e3o coloque apenas em &#8220;modo manuten\u00e7\u00e3o&#8221; do WP. Bloqueie no n\u00edvel do servidor web. Crie um <code>.htaccess<\/code> na raiz (<code>public_html<\/code>) permitindo apenas o seu IP: <\/p>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>Order Deny,Allow\nDeny from all\nAllow from 123.123.123.123<\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Backup Forense:<\/strong> Fa\u00e7a um backup do estado <em>infectado<\/em>. Se voc\u00ea deletar algo cr\u00edtico ou precisar investigar a origem (RCA &#8211; Root Cause Analysis) depois, precisar\u00e1 disso. <code>tar -czf site_infectado_backup.tar.gz \/home\/usuario\/domains\/dominio.com\/public_html . mysqldump -u usuario_db -p nome_db &gt; dump_infectado.sql<\/code><\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-fase-2-o-nuclear-nos-arquivos-do-core\">Fase 2: O &#8220;Nuclear&#8221; nos Arquivos do Core<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">N\u00e3o tente limpar arquivos do core (<code>wp-admin<\/code>, <code>wp-includes<\/code>). Substitua-os. Malware adora se esconder em <code>wp-includes\/images\/smilies\/icon.php<\/code> ou injetar c\u00f3digos em <code>wp-login.php<\/code>.<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>Identifique a vers\u00e3o do WP:<\/strong> <code>wp core version --allow-root<\/code><\/li>\n\n\n\n<li><strong>Baixe o core limpo (em um diret\u00f3rio tempor\u00e1rio):<\/strong> <code>mkdir \/tmp\/wp-clean cd \/tmp\/wp-clean wp core download --version=6.X.X --locale=pt_BR --allow-root<\/code><\/li>\n\n\n\n<li><strong>Substitua os diret\u00f3rios:<\/strong> No diret\u00f3rio do site infectado:\n<ul class=\"wp-block-list\">\n<li><strong>Delete:<\/strong> <code>wp-admin<\/code> e <code>wp-includes<\/code>.<\/li>\n\n\n\n<li><strong>Mantenha:<\/strong> <code>wp-content<\/code>, <code>wp-config.php<\/code> e <code>.htaccess<\/code>.<\/li>\n\n\n\n<li><strong>Copie:<\/strong> Os diret\u00f3rios limpos do <code>\/tmp\/wp-clean<\/code> para a raiz do site.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-fase-3-a-zona-de-guerra-wp-content\">Fase 3: A Zona de Guerra (<code>wp-content<\/code>)<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">\u00c9 aqui que 90% dos malwares residem, disfar\u00e7ados de plugins ou uploads.<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>Pasta <code>uploads<\/code>:<\/strong> Por padr\u00e3o, <strong>n\u00e3o<\/strong> deve haver arquivos PHP execut\u00e1veis aqui. Execute este comando para listar qualquer PHP escondido em uploads: <code>find wp-content\/uploads -name \"*.php\" -print <\/code><em>A\u00e7\u00e3o:<\/em> Se encontrar, verifique o conte\u00fado. Geralmente s\u00e3o backdoors (webshells). Delete-os.<em>Dica de SysAdmin:<\/em> Bloqueie execu\u00e7\u00e3o de PHP em uploads via <code>.htaccess<\/code> ou configura\u00e7\u00e3o do Nginx no futuro.<\/li>\n\n\n\n<li><strong>Plugins e Temas:<\/strong>\n<ul class=\"wp-block-list\">\n<li><strong>Plugins Gratuitos:<\/strong> Liste os plugins instalados, delete as pastas em <code>wp-content\/plugins\/<\/code> e baixe vers\u00f5es frescas do reposit\u00f3rio oficial.<\/li>\n\n\n\n<li><strong>Plugins Premium\/Temas:<\/strong> Se n\u00e3o tiver backup limpo, voc\u00ea ter\u00e1 que auditar. Use <code>grep<\/code> para buscar padr\u00f5es comuns de ofusca\u00e7\u00e3o: <code>grep -rE \"base64_decode|eval\\(|gzinflate|str_rot13\" wp-content\/plugins\/<\/code><\/li>\n\n\n\n<li><strong>Arquivo <code>index.php<\/code>:<\/strong> Verifique se existe um arquivo <code>index.php<\/code> falso dentro das pastas de cada plugin.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-fase-4-limpeza-do-banco-de-dados\">Fase 4: Limpeza do Banco de Dados<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">O malware pode criar usu\u00e1rios fantasmas ou injetar scripts nas op\u00e7\u00f5es do site.<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>Verifique Usu\u00e1rios Administradores:<\/strong> Use o <strong><a href=\"https:\/\/wp-cli.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">WP-CLI<\/a><\/strong> para listar usu\u00e1rios com role &#8216;administrator&#8217;.        <code>wp user list --role=administrator --allow-root <\/code><em>A\u00e7\u00e3o:<\/em> Remova qualquer usu\u00e1rio desconhecido imediatamente.<\/li>\n\n\n\n<li><strong>Inje\u00e7\u00f5es na Tabela <code>wp_options<\/code>:<\/strong> Hackers costumam injetar redirecionamentos de JavaScript no <code>siteurl<\/code> ou <code>home<\/code> se conseguirem acesso ao banco, ou em widgets de texto.<\/li>\n\n\n\n<li><strong>Reset de Senhas:<\/strong> Force o reset de senha de todos os usu\u00e1rios administradores leg\u00edtimos.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-fase-5-wp-config-php-e-sais-de-seguranca\">Fase 5: <code>wp-config.php<\/code> e Sais de Seguran\u00e7a<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">O arquivo <code>wp-config.php<\/code> \u00e9 frequentemente modificado.<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>Auditoria Manual:<\/strong> Abra o arquivo. Verifique se h\u00e1 <code>include<\/code> ou <code>require<\/code> estranhos no topo ou no final do arquivo.<\/li>\n\n\n\n<li><strong>Troque as senhas do Banco:<\/strong> Crie um novo usu\u00e1rio\/senha no MySQL e atualize o arquivo. Isso desconecta scripts maliciosos que roubaram as credenciais antigas.<\/li>\n\n\n\n<li><strong>Regenerar Salt Keys:<\/strong> Isso \u00e9 <strong>cr\u00edtico<\/strong>. Invalida todos os cookies de sess\u00e3o ativos (deslogando o atacante). <code>wp config shuffle-salts --allow-root<\/code><\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-fase-6-permissoes-e-hardening-pos-limpeza\">Fase 6: Permiss\u00f5es e Hardening (P\u00f3s-Limpeza)<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Restaure as permiss\u00f5es corretas para evitar reinfec\u00e7\u00e3o imediata.<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>Permiss\u00f5es Padr\u00e3o:<\/strong> <code>find . -type d -exec chmod 755 {} \\; find . -type f -exec chmod 644 {} \\; chmod 600 wp-config.php<\/code><\/li>\n\n\n\n<li><strong>Prote\u00e7\u00e3o contra Escrita (Imutabilidade):<\/strong> Como root, voc\u00ea pode usar o atributo imut\u00e1vel no <code>wp-config.php<\/code> e <code>.htaccess<\/code> para que nem mesmo o usu\u00e1rio do sistema possa alter\u00e1-los sem remover o atributo antes. <code>chattr +i wp-config.php chattr +i .htaccess<\/code><\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-fase-7-root-cause-analysis-como-eles-entraram\">Fase 7: Root Cause Analysis (Como eles entraram?)<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">N\u00e3o adianta limpar se a porta continuar aberta. Verifique os logs (<code>access.log<\/code> e <code>error.log<\/code>).<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>Busque por chamadas POST suspeitas:<\/strong> Geralmente, o ataque inicial ou o upload do webshell \u00e9 feito via POST. <code>grep \"POST\" access.log | grep \".php\"<\/code><\/li>\n\n\n\n<li><strong>Verifique a data dos arquivos maliciosos:<\/strong> Use <code>stat nome_do_arquivo_malicioso.php<\/code> para ver a data de modifica\u00e7\u00e3o e cruze essa data\/hora exata com o access log para ver qual IP acessou e qual URL foi explorada.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-resumo-de-ferramentas-uteis\">Resumo de Ferramentas \u00dateis<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/wp-cli.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">WP-CLI<\/a>:<\/strong> Essencial para reinstalar core e gerenciar usu\u00e1rios via terminal.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/github.com\/rfxn\/linux-malware-detect\">Ma<\/a><a href=\"https:\/\/github.com\/rfxn\/linux-malware-detect\" target=\"_blank\" rel=\"noreferrer noopener\">ld<\/a><a href=\"https:\/\/github.com\/rfxn\/linux-malware-detect\">et<\/a> (<a href=\"https:\/\/helpsysadmin.com.br\/blog\/como-instalar-crowdsec\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Como instalar Crowdsec\" target=\"_blank\" rel=\"noopener\">Linux<\/a> Malware Detect):<\/strong> Excelente para scannear diret\u00f3rios em busca de assinaturas de malware conhecidas. <code>maldet -a \/home\/usuario\/domains\/dominio.com\/public_html<\/code><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/www.clamav.net\/\">C<\/a><a href=\"https:\/\/www.clamav.net\/\" target=\"_blank\" rel=\"noreferrer noopener\">lam<\/a><a href=\"https:\/\/www.clamav.net\/\">AV<\/a>:<\/strong> Pode ser usado em conjunto com o <strong><a href=\"https:\/\/github.com\/rfxn\/linux-malware-detect\">Maldet<\/a><\/strong>.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/github.com\/wordfence\/wordfence-cli\" target=\"_blank\" rel=\"noreferrer noopener\">Wordfence CLI<\/a>:<\/strong> Vers\u00e3o gratuita para linha de comando que faz um scan de alta performance (bom para servidores).<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Pr\u00f3ximo Passo:<\/strong> Ap\u00f3s limpar, remova o bloqueio de IP do <code>.htaccess<\/code>, limpe os caches (Redis\/Nginx\/LiteSpeed) e monitore o <code>tail -f error_log<\/code> nas pr\u00f3ximas 24 horas.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-faq-perguntas-frequentes-sobre-limpeza-de-malware-em-wordpress\">FAQ: Perguntas Frequentes sobre Limpeza de Malware em WordPress<\/h2>\n\n\n\n<div class=\"schema-faq wp-block-yoast-faq-block\"><div class=\"schema-faq-section\" id=\"faq-question-1771225818075\"><strong class=\"schema-faq-question\">Posso limpar um site WordPress infectado apenas instalando um plugin de seguran\u00e7a?<\/strong> <p class=\"schema-faq-answer\">Geralmente n\u00e3o. Plugins de seguran\u00e7a s\u00e3o excelentes para preven\u00e7\u00e3o (WAF) e escaneamento, mas raramente conseguem remover <em>backdoors<\/em> complexos que se escondem em arquivos do sistema, cron jobs ou fora da pasta p\u00fablica. Para uma recupera\u00e7\u00e3o de desastre real, \u00e9 necess\u00e1rio acesso SSH e substitui\u00e7\u00e3o dos arquivos do n\u00facleo (core).<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1771226365981\"><strong class=\"schema-faq-question\">Como localizar arquivos maliciosos (backdoors) via SSH?<\/strong> <p class=\"schema-faq-answer\">A maneira mais eficiente \u00e9 buscar por arquivos PHP modificados recentemente (<code>find . -type f -name \"*.php\" -mtime -7<\/code>) ou usar o <code>grep<\/code> para encontrar fun\u00e7\u00f5es comumente usadas em <em>webshells<\/em>, como <code>base64_decode<\/code>, <code>eval<\/code>, <code>gzinflate<\/code> e <code>shell_exec<\/code> dentro da pasta <code>wp-content<\/code>.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1771226406229\"><strong class=\"schema-faq-question\">\u00c9 necess\u00e1rio reinstalar o WordPress ap\u00f3s uma infec\u00e7\u00e3o?<\/strong> <p class=\"schema-faq-answer\">Sim. A pr\u00e1tica recomendada de seguran\u00e7a (Hardening) dita que voc\u00ea nunca deve confiar em arquivos que estiveram em um ambiente comprometido. Substituir as pastas <code>wp-admin<\/code> e <code>wp-includes<\/code> por c\u00f3pias limpas do reposit\u00f3rio oficial garante que o c\u00f3digo executado seja leg\u00edtimo.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1771226437037\"><strong class=\"schema-faq-question\">O malware pode estar escondido no banco de dados do WordPress?<\/strong> <p class=\"schema-faq-answer\">Sim. Atacantes frequentemente injetam scripts JavaScript maliciosos (redirecionamentos) na tabela <code>wp_posts<\/code> ou criam usu\u00e1rios administradores fantasmas na tabela <code>wp_users<\/code>. \u00c9 crucial auditar o banco de dados al\u00e9m dos arquivos f\u00edsicos.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1771226454357\"><strong class=\"schema-faq-question\">O que fazer se o site for reinfectado logo ap\u00f3s a limpeza?<\/strong> <p class=\"schema-faq-answer\">Se a reinfec\u00e7\u00e3o for imediata, provavelmente h\u00e1 um &#8220;backdoor&#8221; persistente que n\u00e3o foi encontrado (talvez em um plugin &#8220;nulled&#8221;), uma tarefa cron maliciosa agendada no servidor, ou as senhas de banco de dados\/FTP n\u00e3o foram rotacionadas. Verifique tamb\u00e9m permiss\u00f5es de escrita incorretas (777).<\/p> <\/div> <\/div>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-veja-mais\"><strong>Veja Mais:<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/helpsysadmin.com.br\/blog\/configurar-login-automatico-phpmyadmin\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Como Configurar Login Autom\u00e1tico no phpMyAdmin via DirectAdmin<\/strong><\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/helpsysadmin.com.br\/blog\/o-que-e-gerenciamento-de-servidor\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>O Que \u00e9 Gerenciamento de Servidor?<\/strong><\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/helpsysadmin.com.br\/blog\/apache-vs-nginx-vs-litespeed-benchmarks\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Guerra dos Web Servers: Apache vs. Nginx vs. Litespeed \u2013 Benchmarks reais.<\/strong><\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/helpsysadmin.com.br\/blog\/tcp-tuning-wordpress-alta-performance\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>TCP Tuning para WordPress: Guia de Alta Performance<\/strong><\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/helpsysadmin.com.br\/blog\/en\/antivirus-antimalware-antiphishing-on-centos-or-cloudlinux-with-clamav\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Antivirus, Antimalware, Antiphishing on Almalinux or Cloudlinux with ClamAV<\/strong><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Guia de Recupera\u00e7\u00e3o de Desastre (DRP): WordPress Infectado Limpar wordpress infectado. Premissa: Assuma que qualquer arquivo .php pode conter c\u00f3digo malicioso e [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":3489,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4197],"tags":[2916,3519,3523,3517,2920,2310,3521],"class_list":["post-3391","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-seguranca-e-hardening","tag-hardening","tag-malware-removal","tag-recuperacao-de-desastre","tag-seguranca-wordpress","tag-ssh","tag-sysadmin","tag-wp-cli"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.9 (Yoast SEO v27.9) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Como Limpar WordPress Infectado: Guia de Recupera\u00e7\u00e3o via SSH<\/title>\n<meta name=\"description\" content=\"Servidor hackeado? Siga este DRP (Disaster Recovery Plan) para limpar WordPress infectado na raiz. Aprenda a remover backdoors, webshells e malware.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/helpsysadmin.com.br\/blog\/limpar-wordpress-infectado-guia-ssh\/\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Como Limpar WordPress Infectado: Guia de Recupera\u00e7\u00e3o via SSH\" \/>\n<meta property=\"og:description\" content=\"Servidor hackeado? Siga este DRP (Disaster Recovery Plan) para limpar WordPress infectado na raiz. Aprenda a remover backdoors, webshells e malware.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/helpsysadmin.com.br\/blog\/limpar-wordpress-infectado-guia-ssh\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog HelpSysAdmin\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-17T02:20:37+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-20T17:56:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/mlkpd8g42nae.i.optimole.com\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/uploads\/2026\/02\/wordpress_hacked.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"1000\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"HelpSysAdmin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@brhelpsysad\" \/>\n<meta name=\"twitter:site\" content=\"@brhelpsysad\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/limpar-wordpress-infectado-guia-ssh\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/limpar-wordpress-infectado-guia-ssh\\\/\"},\"author\":{\"name\":\"HelpSysAdmin\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#\\\/schema\\\/person\\\/bdbe3d7d71a0c6a3cb474c18da574efb\"},\"headline\":\"Como Limpar WordPress Infectado: Guia de Recupera\u00e7\u00e3o via SSH\",\"datePublished\":\"2026-02-17T02:20:37+00:00\",\"dateModified\":\"2026-04-20T17:56:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/limpar-wordpress-infectado-guia-ssh\\\/\"},\"wordCount\":1000,\"publisher\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/limpar-wordpress-infectado-guia-ssh\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\/\\/helpsysadmin.com.br\\/blog\\/wp-content\\/uploads\\/2026\\/02\\/wordpress_hacked.webp\",\"keywords\":[\"hardening\",\"Malware Removal\",\"Recupera\u00e7\u00e3o de Desastre\",\"Seguran\u00e7a WordPress\",\"ssh\",\"SysAdmin\",\"WP-CLI\"],\"articleSection\":[\"Seguran\u00e7a e Hardening\"],\"inLanguage\":\"pt-BR\"},{\"@type\":[\"WebPage\",\"FAQPage\"],\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/limpar-wordpress-infectado-guia-ssh\\\/\",\"url\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/limpar-wordpress-infectado-guia-ssh\\\/\",\"name\":\"Como Limpar WordPress Infectado: Guia de Recupera\u00e7\u00e3o via SSH\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/limpar-wordpress-infectado-guia-ssh\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/limpar-wordpress-infectado-guia-ssh\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\/\\/helpsysadmin.com.br\\/blog\\/wp-content\\/uploads\\/2026\\/02\\/wordpress_hacked.webp\",\"datePublished\":\"2026-02-17T02:20:37+00:00\",\"dateModified\":\"2026-04-20T17:56:39+00:00\",\"description\":\"Servidor hackeado? Siga este DRP (Disaster Recovery Plan) para limpar WordPress infectado na raiz. Aprenda a remover backdoors, webshells e malware.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/limpar-wordpress-infectado-guia-ssh\\\/#breadcrumb\"},\"mainEntity\":[{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/limpar-wordpress-infectado-guia-ssh\\\/#faq-question-1771225818075\"},{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/limpar-wordpress-infectado-guia-ssh\\\/#faq-question-1771226365981\"},{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/limpar-wordpress-infectado-guia-ssh\\\/#faq-question-1771226406229\"},{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/limpar-wordpress-infectado-guia-ssh\\\/#faq-question-1771226437037\"},{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/limpar-wordpress-infectado-guia-ssh\\\/#faq-question-1771226454357\"}],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/limpar-wordpress-infectado-guia-ssh\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/limpar-wordpress-infectado-guia-ssh\\\/#primaryimage\",\"url\":\"https:\\/\\/helpsysadmin.com.br\\/blog\\/wp-content\\/uploads\\/2026\\/02\\/wordpress_hacked.webp\",\"contentUrl\":\"https:\\/\\/helpsysadmin.com.br\\/blog\\/wp-content\\/uploads\\/2026\\/02\\/wordpress_hacked.webp\",\"width\":1000,\"height\":1000},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/limpar-wordpress-infectado-guia-ssh\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Como Limpar WordPress Infectado: Guia de Recupera\u00e7\u00e3o via SSH\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/\",\"name\":\"Blog HelpSysAdmin\",\"description\":\"Webserver linux blog\",\"publisher\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#organization\"},\"alternateName\":\"HelpSysAdmin Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#organization\",\"name\":\"HelpSysAdmin Gerenciamento de Servidores\",\"alternateName\":\"HelpSysAdmin\",\"url\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\/\\/mlkpd8g42nae.i.optimole.com\\/w:512\\/h:512\\/q:mauto\\/f:best\\/https:\\/\\/helpsysadmin.com.br\\/blog\\/wp-content\\/uploads\\/2020\\/12\\/favicon.png\",\"contentUrl\":\"https:\\/\\/mlkpd8g42nae.i.optimole.com\\/w:512\\/h:512\\/q:mauto\\/f:best\\/https:\\/\\/helpsysadmin.com.br\\/blog\\/wp-content\\/uploads\\/2020\\/12\\/favicon.png\",\"width\":512,\"height\":512,\"caption\":\"HelpSysAdmin Gerenciamento de Servidores\"},\"image\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/brhelpsysad\",\"https:\\\/\\\/mastodon.social\\\/@helpsysadmin\"],\"description\":\"Oferecemos o gerenciamento de servidores dedicados, vps ou cloud. Apresentamos a melhor experi\u00eancia em atendimento e servi\u00e7o. Nosso time cuidar\u00e1 do seu servidor com backups, an\u00e1lises constantes, ajustes de seguran\u00e7a, realiza\u00e7\u00e3o de manuten\u00e7\u00e3o preventiva e corretiva, otimiza\u00e7\u00e3o de performance al\u00e9m de monitoramento 24\u00d77 com suporte Pr\u00f3 Ativo.\",\"numberOfEmployees\":{\"@type\":\"QuantitativeValue\",\"minValue\":\"1\",\"maxValue\":\"10\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#\\\/schema\\\/person\\\/bdbe3d7d71a0c6a3cb474c18da574efb\",\"name\":\"HelpSysAdmin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/efc0007e6a313a844b72de257e05c6083b07b6ecc6983a4f71e06293ff2e22fd?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/efc0007e6a313a844b72de257e05c6083b07b6ecc6983a4f71e06293ff2e22fd?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/efc0007e6a313a844b72de257e05c6083b07b6ecc6983a4f71e06293ff2e22fd?s=96&d=mm&r=g\",\"caption\":\"HelpSysAdmin\"},\"sameAs\":[\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/\"]},{\"@type\":\"Question\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/limpar-wordpress-infectado-guia-ssh\\\/#faq-question-1771225818075\",\"position\":1,\"url\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/limpar-wordpress-infectado-guia-ssh\\\/#faq-question-1771225818075\",\"name\":\"Posso limpar um site WordPress infectado apenas instalando um plugin de seguran\u00e7a?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Geralmente n\u00e3o. Plugins de seguran\u00e7a s\u00e3o excelentes para preven\u00e7\u00e3o (WAF) e escaneamento, mas raramente conseguem remover <em>backdoors<\\\/em> complexos que se escondem em arquivos do sistema, cron jobs ou fora da pasta p\u00fablica. Para uma recupera\u00e7\u00e3o de desastre real, \u00e9 necess\u00e1rio acesso SSH e substitui\u00e7\u00e3o dos arquivos do n\u00facleo (core).\",\"inLanguage\":\"pt-BR\"},\"inLanguage\":\"pt-BR\"},{\"@type\":\"Question\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/limpar-wordpress-infectado-guia-ssh\\\/#faq-question-1771226365981\",\"position\":2,\"url\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/limpar-wordpress-infectado-guia-ssh\\\/#faq-question-1771226365981\",\"name\":\"Como localizar arquivos maliciosos (backdoors) via SSH?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"A maneira mais eficiente \u00e9 buscar por arquivos PHP modificados recentemente (find . -type f -name \\\"*.php\\\" -mtime -7) ou usar o grep para encontrar fun\u00e7\u00f5es comumente usadas em <em>webshells<\\\/em>, como base64_decode, eval, gzinflate e shell_exec dentro da pasta wp-content.\",\"inLanguage\":\"pt-BR\"},\"inLanguage\":\"pt-BR\"},{\"@type\":\"Question\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/limpar-wordpress-infectado-guia-ssh\\\/#faq-question-1771226406229\",\"position\":3,\"url\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/limpar-wordpress-infectado-guia-ssh\\\/#faq-question-1771226406229\",\"name\":\"\u00c9 necess\u00e1rio reinstalar o WordPress ap\u00f3s uma infec\u00e7\u00e3o?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Sim. A pr\u00e1tica recomendada de seguran\u00e7a (Hardening) dita que voc\u00ea nunca deve confiar em arquivos que estiveram em um ambiente comprometido. Substituir as pastas wp-admin e wp-includes por c\u00f3pias limpas do reposit\u00f3rio oficial garante que o c\u00f3digo executado seja leg\u00edtimo.\",\"inLanguage\":\"pt-BR\"},\"inLanguage\":\"pt-BR\"},{\"@type\":\"Question\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/limpar-wordpress-infectado-guia-ssh\\\/#faq-question-1771226437037\",\"position\":4,\"url\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/limpar-wordpress-infectado-guia-ssh\\\/#faq-question-1771226437037\",\"name\":\"O malware pode estar escondido no banco de dados do WordPress?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Sim. Atacantes frequentemente injetam scripts JavaScript maliciosos (redirecionamentos) na tabela wp_posts ou criam usu\u00e1rios administradores fantasmas na tabela wp_users. \u00c9 crucial auditar o banco de dados al\u00e9m dos arquivos f\u00edsicos.\",\"inLanguage\":\"pt-BR\"},\"inLanguage\":\"pt-BR\"},{\"@type\":\"Question\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/limpar-wordpress-infectado-guia-ssh\\\/#faq-question-1771226454357\",\"position\":5,\"url\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/limpar-wordpress-infectado-guia-ssh\\\/#faq-question-1771226454357\",\"name\":\"O que fazer se o site for reinfectado logo ap\u00f3s a limpeza?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Se a reinfec\u00e7\u00e3o for imediata, provavelmente h\u00e1 um \\\"backdoor\\\" persistente que n\u00e3o foi encontrado (talvez em um plugin \\\"nulled\\\"), uma tarefa cron maliciosa agendada no servidor, ou as senhas de banco de dados\\\/FTP n\u00e3o foram rotacionadas. Verifique tamb\u00e9m permiss\u00f5es de escrita incorretas (777).\",\"inLanguage\":\"pt-BR\"},\"inLanguage\":\"pt-BR\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Como Limpar WordPress Infectado: Guia de Recupera\u00e7\u00e3o via SSH","description":"Servidor hackeado? Siga este DRP (Disaster Recovery Plan) para limpar WordPress infectado na raiz. Aprenda a remover backdoors, webshells e malware.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/helpsysadmin.com.br\/blog\/limpar-wordpress-infectado-guia-ssh\/","og_locale":"pt_BR","og_type":"article","og_title":"Como Limpar WordPress Infectado: Guia de Recupera\u00e7\u00e3o via SSH","og_description":"Servidor hackeado? Siga este DRP (Disaster Recovery Plan) para limpar WordPress infectado na raiz. Aprenda a remover backdoors, webshells e malware.","og_url":"https:\/\/helpsysadmin.com.br\/blog\/limpar-wordpress-infectado-guia-ssh\/","og_site_name":"Blog HelpSysAdmin","article_published_time":"2026-02-17T02:20:37+00:00","article_modified_time":"2026-04-20T17:56:39+00:00","og_image":[{"width":1000,"height":1000,"url":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/uploads\/2026\/02\/wordpress_hacked.webp","type":"image\/webp"}],"author":"HelpSysAdmin","twitter_card":"summary_large_image","twitter_creator":"@brhelpsysad","twitter_site":"@brhelpsysad","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/helpsysadmin.com.br\/blog\/limpar-wordpress-infectado-guia-ssh\/#article","isPartOf":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/limpar-wordpress-infectado-guia-ssh\/"},"author":{"name":"HelpSysAdmin","@id":"https:\/\/helpsysadmin.com.br\/blog\/#\/schema\/person\/bdbe3d7d71a0c6a3cb474c18da574efb"},"headline":"Como Limpar WordPress Infectado: Guia de Recupera\u00e7\u00e3o via SSH","datePublished":"2026-02-17T02:20:37+00:00","dateModified":"2026-04-20T17:56:39+00:00","mainEntityOfPage":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/limpar-wordpress-infectado-guia-ssh\/"},"wordCount":1000,"publisher":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/#organization"},"image":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/limpar-wordpress-infectado-guia-ssh\/#primaryimage"},"thumbnailUrl":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/uploads\/2026\/02\/wordpress_hacked.webp","keywords":["hardening","Malware Removal","Recupera\u00e7\u00e3o de Desastre","Seguran\u00e7a WordPress","ssh","SysAdmin","WP-CLI"],"articleSection":["Seguran\u00e7a e Hardening"],"inLanguage":"pt-BR"},{"@type":["WebPage","FAQPage"],"@id":"https:\/\/helpsysadmin.com.br\/blog\/limpar-wordpress-infectado-guia-ssh\/","url":"https:\/\/helpsysadmin.com.br\/blog\/limpar-wordpress-infectado-guia-ssh\/","name":"Como Limpar WordPress Infectado: Guia de Recupera\u00e7\u00e3o via SSH","isPartOf":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/limpar-wordpress-infectado-guia-ssh\/#primaryimage"},"image":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/limpar-wordpress-infectado-guia-ssh\/#primaryimage"},"thumbnailUrl":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/uploads\/2026\/02\/wordpress_hacked.webp","datePublished":"2026-02-17T02:20:37+00:00","dateModified":"2026-04-20T17:56:39+00:00","description":"Servidor hackeado? Siga este DRP (Disaster Recovery Plan) para limpar WordPress infectado na raiz. Aprenda a remover backdoors, webshells e malware.","breadcrumb":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/limpar-wordpress-infectado-guia-ssh\/#breadcrumb"},"mainEntity":[{"@id":"https:\/\/helpsysadmin.com.br\/blog\/limpar-wordpress-infectado-guia-ssh\/#faq-question-1771225818075"},{"@id":"https:\/\/helpsysadmin.com.br\/blog\/limpar-wordpress-infectado-guia-ssh\/#faq-question-1771226365981"},{"@id":"https:\/\/helpsysadmin.com.br\/blog\/limpar-wordpress-infectado-guia-ssh\/#faq-question-1771226406229"},{"@id":"https:\/\/helpsysadmin.com.br\/blog\/limpar-wordpress-infectado-guia-ssh\/#faq-question-1771226437037"},{"@id":"https:\/\/helpsysadmin.com.br\/blog\/limpar-wordpress-infectado-guia-ssh\/#faq-question-1771226454357"}],"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/helpsysadmin.com.br\/blog\/limpar-wordpress-infectado-guia-ssh\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/helpsysadmin.com.br\/blog\/limpar-wordpress-infectado-guia-ssh\/#primaryimage","url":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/uploads\/2026\/02\/wordpress_hacked.webp","contentUrl":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/uploads\/2026\/02\/wordpress_hacked.webp","width":1000,"height":1000},{"@type":"BreadcrumbList","@id":"https:\/\/helpsysadmin.com.br\/blog\/limpar-wordpress-infectado-guia-ssh\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/helpsysadmin.com.br\/blog\/"},{"@type":"ListItem","position":2,"name":"Como Limpar WordPress Infectado: Guia de Recupera\u00e7\u00e3o via SSH"}]},{"@type":"WebSite","@id":"https:\/\/helpsysadmin.com.br\/blog\/#website","url":"https:\/\/helpsysadmin.com.br\/blog\/","name":"Blog HelpSysAdmin","description":"Webserver linux blog","publisher":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/#organization"},"alternateName":"HelpSysAdmin Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/helpsysadmin.com.br\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/helpsysadmin.com.br\/blog\/#organization","name":"HelpSysAdmin Gerenciamento de Servidores","alternateName":"HelpSysAdmin","url":"https:\/\/helpsysadmin.com.br\/blog\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/helpsysadmin.com.br\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:512\/h:512\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/uploads\/2020\/12\/favicon.png","contentUrl":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:512\/h:512\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/uploads\/2020\/12\/favicon.png","width":512,"height":512,"caption":"HelpSysAdmin Gerenciamento de Servidores"},"image":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/brhelpsysad","https:\/\/mastodon.social\/@helpsysadmin"],"description":"Oferecemos o gerenciamento de servidores dedicados, vps ou cloud. Apresentamos a melhor experi\u00eancia em atendimento e servi\u00e7o. Nosso time cuidar\u00e1 do seu servidor com backups, an\u00e1lises constantes, ajustes de seguran\u00e7a, realiza\u00e7\u00e3o de manuten\u00e7\u00e3o preventiva e corretiva, otimiza\u00e7\u00e3o de performance al\u00e9m de monitoramento 24\u00d77 com suporte Pr\u00f3 Ativo.","numberOfEmployees":{"@type":"QuantitativeValue","minValue":"1","maxValue":"10"}},{"@type":"Person","@id":"https:\/\/helpsysadmin.com.br\/blog\/#\/schema\/person\/bdbe3d7d71a0c6a3cb474c18da574efb","name":"HelpSysAdmin","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/efc0007e6a313a844b72de257e05c6083b07b6ecc6983a4f71e06293ff2e22fd?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/efc0007e6a313a844b72de257e05c6083b07b6ecc6983a4f71e06293ff2e22fd?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/efc0007e6a313a844b72de257e05c6083b07b6ecc6983a4f71e06293ff2e22fd?s=96&d=mm&r=g","caption":"HelpSysAdmin"},"sameAs":["https:\/\/helpsysadmin.com.br\/blog\/"]},{"@type":"Question","@id":"https:\/\/helpsysadmin.com.br\/blog\/limpar-wordpress-infectado-guia-ssh\/#faq-question-1771225818075","position":1,"url":"https:\/\/helpsysadmin.com.br\/blog\/limpar-wordpress-infectado-guia-ssh\/#faq-question-1771225818075","name":"Posso limpar um site WordPress infectado apenas instalando um plugin de seguran\u00e7a?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Geralmente n\u00e3o. Plugins de seguran\u00e7a s\u00e3o excelentes para preven\u00e7\u00e3o (WAF) e escaneamento, mas raramente conseguem remover <em>backdoors<\/em> complexos que se escondem em arquivos do sistema, cron jobs ou fora da pasta p\u00fablica. Para uma recupera\u00e7\u00e3o de desastre real, \u00e9 necess\u00e1rio acesso SSH e substitui\u00e7\u00e3o dos arquivos do n\u00facleo (core).","inLanguage":"pt-BR"},"inLanguage":"pt-BR"},{"@type":"Question","@id":"https:\/\/helpsysadmin.com.br\/blog\/limpar-wordpress-infectado-guia-ssh\/#faq-question-1771226365981","position":2,"url":"https:\/\/helpsysadmin.com.br\/blog\/limpar-wordpress-infectado-guia-ssh\/#faq-question-1771226365981","name":"Como localizar arquivos maliciosos (backdoors) via SSH?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"A maneira mais eficiente \u00e9 buscar por arquivos PHP modificados recentemente (find . -type f -name \"*.php\" -mtime -7) ou usar o grep para encontrar fun\u00e7\u00f5es comumente usadas em <em>webshells<\/em>, como base64_decode, eval, gzinflate e shell_exec dentro da pasta wp-content.","inLanguage":"pt-BR"},"inLanguage":"pt-BR"},{"@type":"Question","@id":"https:\/\/helpsysadmin.com.br\/blog\/limpar-wordpress-infectado-guia-ssh\/#faq-question-1771226406229","position":3,"url":"https:\/\/helpsysadmin.com.br\/blog\/limpar-wordpress-infectado-guia-ssh\/#faq-question-1771226406229","name":"\u00c9 necess\u00e1rio reinstalar o WordPress ap\u00f3s uma infec\u00e7\u00e3o?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Sim. A pr\u00e1tica recomendada de seguran\u00e7a (Hardening) dita que voc\u00ea nunca deve confiar em arquivos que estiveram em um ambiente comprometido. Substituir as pastas wp-admin e wp-includes por c\u00f3pias limpas do reposit\u00f3rio oficial garante que o c\u00f3digo executado seja leg\u00edtimo.","inLanguage":"pt-BR"},"inLanguage":"pt-BR"},{"@type":"Question","@id":"https:\/\/helpsysadmin.com.br\/blog\/limpar-wordpress-infectado-guia-ssh\/#faq-question-1771226437037","position":4,"url":"https:\/\/helpsysadmin.com.br\/blog\/limpar-wordpress-infectado-guia-ssh\/#faq-question-1771226437037","name":"O malware pode estar escondido no banco de dados do WordPress?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Sim. Atacantes frequentemente injetam scripts JavaScript maliciosos (redirecionamentos) na tabela wp_posts ou criam usu\u00e1rios administradores fantasmas na tabela wp_users. \u00c9 crucial auditar o banco de dados al\u00e9m dos arquivos f\u00edsicos.","inLanguage":"pt-BR"},"inLanguage":"pt-BR"},{"@type":"Question","@id":"https:\/\/helpsysadmin.com.br\/blog\/limpar-wordpress-infectado-guia-ssh\/#faq-question-1771226454357","position":5,"url":"https:\/\/helpsysadmin.com.br\/blog\/limpar-wordpress-infectado-guia-ssh\/#faq-question-1771226454357","name":"O que fazer se o site for reinfectado logo ap\u00f3s a limpeza?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Se a reinfec\u00e7\u00e3o for imediata, provavelmente h\u00e1 um \"backdoor\" persistente que n\u00e3o foi encontrado (talvez em um plugin \"nulled\"), uma tarefa cron maliciosa agendada no servidor, ou as senhas de banco de dados\/FTP n\u00e3o foram rotacionadas. Verifique tamb\u00e9m permiss\u00f5es de escrita incorretas (777).","inLanguage":"pt-BR"},"inLanguage":"pt-BR"}]}},"lang":"pt","translations":{"pt":3391},"pll_sync_post":{},"_links":{"self":[{"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/posts\/3391","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/comments?post=3391"}],"version-history":[{"count":6,"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/posts\/3391\/revisions"}],"predecessor-version":[{"id":3508,"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/posts\/3391\/revisions\/3508"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/media\/3489"}],"wp:attachment":[{"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/media?parent=3391"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/categories?post=3391"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/tags?post=3391"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}