7 Easy Steps To Remove Malware On WordPress

Written by

Want to know how to remove malware from your WordPress sites that are infected? – Let us show you the steps to getting rid of infectious malware from your WordPress website is not a walk in the park.

It is stressful and emotionally draining. You may decide to do it yourself by installing WordPress malware removal plugins. You may also decide to search for a professional to work on your site. I advocate for the latter combined with plugins such as SucuriSecurity.

Steps-To-Remove-Malware-On-WordPressThe combination will offer a mix of malware detection and file integrity scanning. You are 100% certain of effective scanning and clearing of all viruses and malware present.

So, your website is already hacked and infected with malware, what do you do? Here are some 7 easy steps that you may follow to remove malware on WordPress.

7 Steps To Remove Malware On WordPress

  1. Identify the hack

The first thing you ought to do is to scan through your computer. A thorough scan. Run the anti-malware program to identify the various viruses, Trojan and malware that may have infected your PC. Access to the WordPress panel in an infected computer may transfer the malware.

You may also run your URL through the Safe Browsing Site Status website. It will provide vital information on malicious redirects and spams on your site. It will also provide testing details on the most recent Google scan that found the malware.

  1. Backup the site files and Database.

Backing up your files is a safety net. Most web hosts quarantine or completely banish infected websites from their servers. It is a common standard procedure. You may need to protect your data in case of any eventuality. The backup can be initiated through the updraft plus plugin.

Set in the WordPress backup and go have a cup of coffee. It will take time! Lots of it. The backup files are usually large.  If you can’t login, you can back up the full site using the web host’s snapshot feature. It is important to back up the .htaccess file which may be invisible to you. Rename the file by removing the period so as to make it accessible in your computer.

  1. Download and scrutinize the Backup files

After identifying the hack and backing up, your next step is to download the backup zip file. The file should include;

  • All WordPress core files
  • The wp-config.php file
  • The .htaccess file
  • The wp-content folder
  • The database SQL file

You need to scrutinize the files one by one to confirm there is no malware or additional malicious code present. It is easily done through comparing your downloaded file to the original WordPress core files. Presence of the themes, plugins, and images is a good sign that you have a good backup for your site.

  1. Format your WordPress Site

This step involves deleting all the files in the public_html folder using the web host’s file manager. You need to wipe out your WordPress site and start on a clean slate. However, you should be careful not to delete the wp.content and wp.config.php.

wp.contentdirectory carries all your themes, plugin files, and images. wp.config.php allows you to connect your app to the database. These files will play a huge role in getting your site back up and running.

If you are hosting multiple sites from this one account, it is prudent for you to subject them to a similar process. The backup, download, and deletion of WordPress pages as the cross infection is common.

  1. Reinstall WordPress and change passwords and permalinks

Through the one-click installer, reinstall WordPress in the web hosting control panel. You may also decide to upgrade your WordPress to obtain new login encryption salts. It also ensures that the site is free from any malicious code.

Changing the passwords and permalinks is a simple step. Reset everything. Log in to WordPress and reset all the usernames and passwords. If you notice any foreign user, lock them out of accessing your database.

Passwords are graded according to their complexity, length, and uniqueness. For a safe and secure site, let your password include one special character. For example #<* and! It is also vital to include a mix of numbers and upper case and lower case characters. The mixing makes harder for hackers and spammers to gain access to your site.

For permalinks, it would be beneficial to consult a professional to ensure no malicious code has been left behind. If you opt to do it yourself, head to settings>permalinks and save your changes. This step will restore your .htaccess file and your URL will be able to work again. Be sure to also reset all FTP and web hosting account usernames and passwords.

  1. Restore 5the Plugins, themes, and images from your backup

The next step would be to reinstall all your plugins from the repository. Make sure that the plugins do not contain suspicious files and malware. You may also opt to go for fresh downloads from premium plugin developers.

You may customize your site with the themes from the backup and give the site a refreshed look. To upload your old image files may be the harder part. Carefully examine each image to ensure they have a clean bill of health. You can then upload the malware-free files to your server through FTP.

  1. Scan your computer again and install security Plugins

Scan your PC again and confirm it is free of infectious viruses, Trojans and malware. It would also be prudent to install the WordPress security plugin. This will help boost your firewalls and prevent further attacks.

To confirm that you are free of the virus, you may run Anti-malware security and Bruteforce firewall. This will help scan the site carefully before giving it a clean bill of health.

Bonus hint: It would be vital for you to head to Google to get rid of the warning sign. You ought to request a review from Google after the hack has been completely fixed to remove the suspension

Bottom Line of WordPress malware removal

Handling a hack on your website can be frustrating. However, it is essential for you to remain calm and handle the situation effectively. Following the above guideline, your site will be up and running again within no time. If you need WordPress support for malware removal, check the WordPress malware removals services.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.