WP-Narcan
Emergency recovery for compromised WordPress sites. When your WordPress installation has been infected with malware, WP-Narcan rebuilds it from clean sources — offline, safely, and completely.
MIT License · Python · v1.0
Rebuild From Clean
WP-Narcan works by replacing all executable code with verified clean copies. Your content and configuration stay intact.
Detect
Validates that the target directory contains a WordPress installation before proceeding.
Rebuild Core
Downloads the latest WordPress core and replaces all system files with clean, verified copies.
Restore Plugins & Themes
Fetches clean versions of all installed plugins and themes from the official WordPress repository.
Clean Uploads
Scans the uploads directory for suspicious PHP files and malicious scripts, removing them safely.
Usage
# Clone the repository
$ git clone https://github.com/ReignOfComputer/WP-Narcan.git
$ cd WP-Narcan
# Run against a compromised WordPress installation
$ python wpnarcan.py /path/to/wordpress
# Follow the on-screen prompts to:
# - Confirm WordPress directory
# - Rebuild core files
# - Restore plugins and themes
# - Scan and clean uploadsWhat WP-Narcan Does
- Replaces WordPress core with the latest clean version
- Downloads fresh copies of plugins from wordpress.org
- Downloads fresh copies of themes from wordpress.org
- Identifies and removes malicious PHP files in wp-content/uploads
- Preserves "Silence is golden" index.php files
- Guides you through the process with interactive prompts
What It Won't Do
- Cannot restore premium/paid plugins (must reinstall manually)
- Does not modify your database — only files
- Does not scan for database-level injections
- Won't fix custom code modifications or child themes from external sources
- Not a replacement for a full security audit
Need Professional Cleanup?
WP-Narcan handles the file-level recovery. For full malware removal including database cleanup, security hardening, and ongoing monitoring — we offer professional services.