wordpress malware removal

How To Remove Malware From Your Hacked WordPress Site?

Do you have a malware problem on your WordPress site? If yes, then you will find the solution in simple steps here. We’re going to walk you through the WordPress malware detection and clean-up process.

Many WordPress plugins have now been added to search your website and identify vulnerabilities on your site, as well as find the exact source of the infection. These will assist you with total precision in the process of eliminating malware from your WordPress pages, saving you a lot of time.

Before downloading any WordPress malware removal plugin, search your site using the WP Hacked Aid malware scanner if you are trying to get rid of malware from your site.
There was a sudden increase in WordPress pages being infected with malware during COVID-19. It has therefore become more important than ever to clean up a hacked site. Malicious codes will kill your website if your site is compromised, so it’s necessary to act quickly to delete malware from your WordPress site.

Thanks to the vast number of templates and plugins it offers, which allow virtually everything to be done, WordPress has become one of the most used tools worldwide when making a web page.

Site protection for WordPress is not to be taken lightly. Anyone can be hacked and these tips can help you to minimize possible harm and clean up the hacked WordPress website.

Review Our Checklist for WordPress Malware Removal

⭐ How to detect malware on a WordPress site?

If your WordPress website or blog has been hacked or compromised with malicious code or malware, there are many ways to find out.

Prevention is the most important aspect of being safe from any form of attack, which means we need to take some steps to eliminate malware from the WordPress site and secure our website.

The key action that WordPress users can take is to always keep their site updated with the latest stable version available, typically fixing common WordPress vulnerabilities detected in previous versions with a new version. In addition to this, doing the same with the plugins we use is also very necessary, as well as removing all those that we do not use.

There are many things that can occur when malware infects a web, but what is obvious is that none of them is healthy. Among the concerns that could arise are:

  1. Increase consumption of server resources, both web, and MySQL
  2. Theft of personal data of users and customers
  3. A penalty by Google or Google Blacklisting
  4. Alert messages that your site is infected – “This Site May Be Hacked” Message in google
  5. The appearance of unwanted advertising
  6. Sending spam mail in bulk
  7. The disappearance of information from our site.
  8. It can compromise your website security and have a negative impact on your SEO
  9. WordPress Ransomware
  10. WordPress Phishing attack

⭐ Steps For WordPress Malware Removal

Easy Steps To Remove Malware From WordPress Site: 

  • Run An Antivirus Scan
  • Run Website Malware Scan
  • List Files By Modification Date
  • Scan Downloads Folder
  • Back up WordPress site
  • Deactivate Plugins/Clean Up WP-Themes
  • Change Passwords
  • Find Malicious Code
  • Remove Default ‘admin’ Account
  • Lock WP Login
  • Install Security Plugins
  • Change Hosting Provider
  • Restore Backup
  • Request Google Security Review

Once we have realized that our site has been infected with some type of malicious code, the first thing we must do is to detect what type of malware has infected us and which files are the ones that are infected. Also, some useful steps to finding and removing malware from a WordPress sites. To achieve this goal, use the below-mentioned steps.

1 – Run An Antivirus Scan On Computer

Using an antivirus that we have installed on our device is another method we can use to detect files that have been infected. We may download the whole site with an FTP program so that each of the files that are part of the network is analyzed in search of malicious code.

The antivirus is typically able to examine the files as they are being downloaded, so we can only go to see the produced report once the download is complete to know which are those that have been designated as potentially harmful.

2 – Run Website Malware Scan Online

If the above options have not yielded good results or you do not like them, we can always use some of the online tools that we can find online and that are able to scan our site for malware. WP Hacked Help is among the most popular site which detects and remove malware from the WordPress.

Once our entire site has been analyzed, WP Hacked Help shows a report with the files that have been infected.

Within the online tools, we can also activate the Google Webmaster tool to consult its  “Security problems” section where it will inform us about the type of threat we are suffering.

3 –  List Files By Modification Date

One of the quickest ways to identify potentially hazardous files is to access and sort them by modification date via FTP. Thus, those who have undergone some sort of shift recently will appear in the first place.

If there is nothing in them that we have not altered, it could be a sign that there is some kind of code within that causes the problem.

The issue with this method is that to find one of the infected files, you should go through all the directories that are part of the web, a job that may be very boring if the code has been placed in a large number of files.

4 – Scan your downloads folder

You must scan the download folder for possible malware. Typically, the download folder does not contain any PHP files. So, delete all PHP files in a wp-content folder.

Now, you may be wondering how to find all the possible PHP files in this folder because the size of your download folder is much larger.

How to find and delete PHP files in a specific folder?

  • Using the cPanel File Manager

You can do this with the cPanel file manager. Type .php in a search bar and select the current directory. The file manager will display all PHP files.

  • Using the FileZilla File Filter

FileZilla does a great job if you want to filter a specific file type and only want to delete certain types of bulk files. Here’s how to use the FileZilla file filter;

Using Windows Scan is another way to discover PHP files in the download folder. Download the ‘Uploads’ folder on your PC and search for PHP files using Windows Explorer.

Install a security plug-in called Anti-Malware and Brute-Force Security after cleaning your wp-content folder and reinstalling the theme and plugins, then analyze your WordPress with this plugin. This plugin can detect and correct several established threats and traps. Your deprecated Tim thumb script can also be revised.

5 – Back up your WordPress site completely and regularly

Before any intervention, make a regular backup of your WordPress site. You must save the following items:

  • Your MySQL database
  • Your FTP account

Your host may have a full backup system directly accessible via cPanel for example. Take the opportunity to get a complete ZIP of your site!

6 – Deactivate Plugins/Clean Up WP Theme

The most possible way WordPress hacked is that it was a plugin or theme and a flaw that it had. Or you have downloaded them from unreliable sources free of charge.

In order to delete malicious code, the step we are now going to take is easy but much more important:

  • In WordPress Themes, we need to search & detect malware and make sure we download themes from the original source and overwrite the files in the folder with the template name in the newly downloaded /wp-content/themes/.
  • You will lose those modifications if you have made any changes directly to these files and have not used a child theme.
  • If so, you’ll have discovered how important it is to build and what the theme of the child is about.
  • The next move is to replicate what we have done so far, except with the plugins included in the directories.
  • From their respective repositories, we will have to download the clean plugins and replace them.
  • In other words, uninstall the /wp-content/plugins/ folder path for each plugin and copy the new files.

7 – Change Passwords

A significant step that you need to take is to update all your web-related passwords.

  • Adjust the administrator-level password for all accounts.
  • Adjust your hosting panel’s access password.
  • Adjust the password even though you do not make much use of FTP.
  • And eventually, change the database user’s password.

In your case, you can do the last two steps from CPanel or from the panel you have from your hosting provider:

You will need to go to the Database section-> MySQL Databases-> Current Users-> Change Password if you use CPanel.
It’s important to update it in the wp-config.php after you have updated it because otherwise, the site won’t work when you don’t connect to the database.

You must have a password of at least 8 characters to use a safe password, whether on your WordPress site or on your personal computer, including:

  • Numerics;
  • Particular symbols;

This will save you from trying dictionary terms against hacker attacks.

Avoid any detail, such as a birth date, a department number, that refers to your personal life. Privacy is poorly secured on the Internet nowadays.
Of course, for your various accounts, use special passwords. A password to monitor all of them and we saw how it ended.

8 – Find Malicious User

If you are registered and your WordPress website has many users, click here. Some hackers register on your WordPress and execute malicious scripts exploiting any vulnerability of their theme or their plugin. You can use Stop Spammers to spam and delete them.

9 – Remove the default ‘admin’ account

In older versions of WordPress, the admin ID was the account created by the administrator during installation. Therefore, it is a first-rate identifier tested during brute force hacking attempts by hackers. (Read-How to change your WordPress username also)

To learn how to remove the WordPress admin account if your installation is old, limit the risks by watching this video podcast.

10 – Lock WP Login To Limit Login Attempts in WordPress

By default, as many login/password pairs as you wish to connect to your WordPress administration can be tested. The IP address and timestamp of every failed WordPress login attempt are recorded by Login LockDown. After a certain number of attempts from the same IP range are detected within a short period of time, the login function is disabled. This helps prevent the discovery of brute force passwords and protects your WordPress from brute force assault.

So, install the plugin Login LockDown to limit the number of attempts permitted for a certain amount of time.

Upon activation, you need to visit the Settings » Login LockDown page to configure the plugin settings.

For more security, you can also use Setup WordPress Two-Factor Authentication

11 – Install Security Plugins

As you have suffered in your own body, the security of WordPress is not infallible, despite being quite good. That is why it is essential that you take the time to apply multiple safety reinforcement points.

As a key point, the best free and paid WordPress Security Plugins can be installed. We have included the most widely used and extremely reliable security plugins for WordPress that provide real-time detection.

12 – Change hosting provider

They can upload their malware in various ways, such as disguised plugins, manipulation of source code, malicious redirection, drive-by downloads, phishing, or via backdoors, etc.

13 – Restore Your Backup

Restoring the site from your backup is the most recommended technique. These backup files will help you retain your customization even if you have customized the theme. Install the recovery plugin and remember that, with our WordPress malware scanner, to recover the site from a backup, use the same plugin that was used to back up your site and re-scan the entire website.

14 – Tell Google that We Are Clean

If your website was hacked and the notice we saw at the beginning was shown, it was because it was detected by Google and the “infected poster” was put in.

You can see this when you access the Search Console from the Security Issues menu.

We can ask Google to reconsider the website using the Request a Review tool once you have cleaned up all traces of malware, which you will see in the same previous menu next to the warning that your website contains malicious software.

A small report of the steps you took and how you solved the hack and sent it should be described. Wait for your website to be checked and you will be informed of the outcome via email.

There should be no trouble removing Google Blacklist Warnings if everything has been done well.

Conclusion – Remove Malware from WordPress

As you may have seen, it is not completely complicated to recover a hacked WordPress site that has been compromised and infected with some malicious injection of code.

With all the WordPress malware removal steps explained, you will have to be patient and careful until you get your website clean and operational again.

It is true that the infection may have gone a step further and been injected into the code database. In this situation, the recovery is more complex because, among all the tables, one would have to look for certain patterns that are used as malicious code.

And it is also true that sometimes a complete cleaning may not be achieved with these steps and more artillery and a magnifying glass would have to get deeper to find where the issue is.

But the usual WordPress hacks in general, like:

  • XSS Attack from WordPress
  • PHP Exploit for Web Shell
  • WordPress Arbitrary Vulnerability for File Deletion
  • Pharma Hack for WordPress
  • .htaccess hack for WordPress
  • DDoS Attack for WordPress
  • Redirecting Malware from WordPress
  • Japanese Hack Keywords

With these cleaning directives, they are usually solved.

We do not want to end without commenting again on the importance of taking precautions with security measures from the beginning, through plugins, good servers, and passwords with common sense. And if you decide to hire WordPress security services offered by WP professionals, it will not hurt