v0.0.1.9 — Malware pattern detection

Added

• Fast malware pattern detection (Phase 1) in wp-security-audit.sh — runs without dependencies:
  • goods.php / shop.php known PHP shells 🔴
  • .tmb/*.php Tiny File Manager 🔴
  • wp-includes/blocks/ZEa/ backdoor block 🔴
  • wp-login.php yrxc_uck cookie auth bypass 🔴
  • Obfuscated large single-line PHP (>50KB, <5 lines) 🟠
  • eval/system/exec/base64_decode at webapp root 🟡
  • Non-core files in wp-includes/ 🟡
  • Suspicious cron hooks via wp-cli 🟡
• Dependencies optional — warn instead of exit 1 if clamav/rkhunter/chkrootkit missing
• --install-deps flag — one-command install of clamav + rkhunter + chkrootkit
• Summary score per-site with colored output (green=clean, red=issues)

Closes #34

v0.0.1.3

Fixed

• wp-migration.sh: $table_prefix is now parsed correctly. The previous sed "s/.*'//; s/'.*//" was greedy and captured the trailing ; instead of the prefix value, producing prefix: ; in logs and silently breaking step 6 (URL update would query ;options and fail). Replaced with awk -F"'" + validation that the prefix matches [A-Za-z0-9_]+.

Deploy

cd /root/runcloud-bash-scripts && git stash && git pull origin main && chmod +x *.sh

v0.0.1.2

Fixed

• wp-migration.sh: SSH connections multiplexed via ControlMaster=auto + ControlPersist=10m. Password (or key passphrase) prompted at most once per migration instead of ~8 times across the db-export, rsync, config-sync, submodule-init, and url-update steps.
• wp-migration.sh: database import errors are no longer masked. mysql failures (e.g. ERROR 1045 Access denied) abort the migration with an actionable hint about destination DB/user/password requirements, instead of being followed by a bogus "Database imported successfully" line.

Deploy

cd /root/runcloud-bash-scripts && git stash && git pull origin main && chmod +x *.sh

v0.0.1.1

Fixed

• wp-migration.sh: source path is now auto-detected by scanning /home/*/webapps/<app> instead of trusting $USER, which broke the script when invoked as root (/home/root/webapps/... doesn't exist) and didn't support custom system users on private servers. Override with SRC_USER=<user> if auto-detection picks the wrong match (#21).
• wp-git-cleanup.sh: detect stale .git/index.lock from a previously crashed run and abort cleanup with an actionable error instead of silently swallowing every subsequent git commit failure (#19). Commit and add operations now also surface their exit code rather than masking it.

Deploy

cd /root/runcloud-bash-scripts && git stash && git pull origin main && chmod +x *.sh

Or via cron-installed self-update.sh (note: silent-fails on servers with local modifications — use the manual command above if in doubt).