WPLift is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission.
Guide To: How To Remove Malware From Your WordPress Site (2024)
As a business owner, having a WordPress site is one of the most crucial steps for growing your business. And the reason is simple. WordPress and its related features make it easy for you to inform, entertain, and educate your readers or followers.
But despite its many benefits, WordPress has several security vulnerabilities. This is why it is critical to understand what malware is and how to remove malware from a WordPress site.
Knowing how to remove malware from a WordPress site is a skill every webmaster should have. Malware stands for malicious software, a general term for harmful programs and files that can compromise a system. It can damage computers, servers, networks, and websites.
Today, you’ll learn how to identify and how to remove malware from a WordPress site.
In a hurry? Looking for a solid solution? Check out Malcare.
Identifying the Malware on your WordPress Site
It’s safe to say you don’t want your dream WordPress site to be hacked or have to deal with any unwelcome scenarios that compromise your WordPress site’s security. But, unfortunately, every WordPress site owner faces security vulnerabilities, whether you run a large or small online business.
As a result, now is the best time to run a malware and malicious code scan on your WordPress site. Because many beginners don’t immediately install a WordPress security scanner, malware or malicious code can go undetected for a long time. Even if your WordPress site is not hacked or affected, you should still learn how to scan your WordPress site for malicious code. It will help you protect your website against future attacks.
Before we go any further, let’s look at how you can tell if your website has been hacked. These steps will help you identify malware and prepare you for resolving possible critical issues in the future.
Make use of a URL Scanner
A URL scanner is a useful tool to use if you suspect your website is infected with malware. VirusTotal, which uses over 60 antivirus scanners and URL/domain blacklisting services to see if your URL has been flagged for malware, is one of several websites that will scan any URL for free. If your website has been flagged for malware and you want to figure out where the infection came from, start by looking at the code.
Make a backup of your WordPress site
It’s quite important to have a backup file of your website before doing anything. You could lose all of your important files and data if you don’t, so ensure you have a solid backup of your WordPress site.
You can do this in two ways, depending on whether you have access to your site or not. If you don’t have access to your site, follow these steps:
- Go to File Manager and right-click the public_html directory, then choose Compress. Then, by right-clicking on the archive and downloading it, save it to your computer.
- After that, go to Site Manager > Connect Navigate to the document root of your website in the left box. Right-click the public_html directory in the right box and select Archive. Once the archive has been created, right-click it and choose Download.
Alternatively, if you do have access to your site, then you have to use any WordPress backup plugin, in this case. And then follow the instructions.
Inspect Your Website for Malicious Redirects
It might take you quite a bit to realize your website contains malware that redirects visitors to suspicious sites.
The most troubling part is that this code that redirects visitors to another site can be placed anywhere on a website, which makes it difficult to detect. Admins often struggle to detect malicious redirects because the version of the site they see on their computers doesn’t show any signs of malicious activity.
Consequently, webmasters usually find out that their sites contain this type of malware from the visitors who report the problem. Removing malicious redirects from a site will take time, so the first thing you’ll have to do is restrict access to a site to stop the malware from spreading. You’ll need access to the site server’s FTP software and some coding experience to restrict website access. Essentially, what you need to do is use the FTP software to find the .htacsess file on the server and then add a code snippet to it.
Keep an eye out for any changes
Keeping frequent backups of your website is a best practice for all website owners. This has several benefits, including the ability to restore your site in the event of a cyberattack. Additionally, knowing how your website’s clean, normal code looks can assist you in spotting the signs of potential malware.
But what if something goes wrong and you don’t have a clean backup? You can check your database, files, and source code for signs of malware if you are familiar enough with your website or content management system (CMS) code to review it for suspicious content.
Check for database malware
To check for malware in your databases, you will need access to a database administration tool offered by your web host. Once you have access to the tool, check for signs of malware using this list of the common syntax used by cybercriminals.
Examine your source code for malware
If you’re looking for malware in your source code, you’ll want to look at two types of attributes: script attributes and iframe attributes. Check for lines that begin with “script src=>” and any unfamiliar URLs or file names that follow. In the same way, look for unusual URLs in iframe src=”URL”>. If anything doesn’t look right, or the URL doesn’t look right, it’s probably a sign of cybercrime.
Check for malware in your files
We suggest downloading your backup using an FTP client or with the file manager, then locally running a scan on the backup.
To diagnose and fix possible issues in your site’s files, use an anti-virus system and a malware scanner like Kaspersky or Malwarebytes. Change your FTP password and re-upload site files if the scan successfully identifies and removes any issues.
Try Reinstalling WordPress Core Files
You should reinstall the WordPress core files if you suspect your website is infected with malware.
The fastest way to do this is to navigate to the Updates page in the Dashboard menu and click the Reinstall Version x.x.x button. However, you’ll have to use the FTP software to reinstall WordPress if you no longer have access to your site.
The process is straightforward and it involves completing the following steps:
- Access the WordPress core files through an FTP
- Download the wp.content folder to a computer and unzip it
- Delete the wp-content folder after extracting the downloaded file
- Use the FTP to log in to your site and upload all remaining files from the local hard drive
- Overwrite the existing files on the server
Please note that the exact steps you must take during this process depend on the server and FTP software you’re using.
Removing the Malware from Your WordPress Site
How to remove malware from your WordPress site manually
You have a few options for removing malware from your WordPress site. To begin, you’ll need to connect to the site’s files via FTP or a file manager.
- Delete every file and folder in your site’s directory, except for wp-config.php and wp-content.
- After that, open wp-config.php and compare its contents to wp-config-sample.php from the WordPress GitHub repository or the same file from a fresh installation.
- Remove any suspiciously long strings of code.
- Once you’ve finished inspecting the file, it’s also a good idea to change the password for your databases.
Navigate to the wp-content directory and perform the above actions on these folders:
- Plugins – list all your installed plugins, and erase the subfolder. You can re-download and re-install them at a later time.
- Themes – if you have a clean backup or don’t mind reinstalling, delete everything except your current theme and check for suspicious code, or just remove it entirely if you haven’t saved a clean backup.
- Check your uploads for anything you haven’t done yet.
- After you’ve deleted the plugins, delete the index.php file.
How to remove malware from your WordPress site using a plugin
Installing a WordPress malware removal plugin is one of the simplest ways to remove malware. The best plugins can scan your WordPress site for malware and other malicious code, then identify and remove it.
They also look for other security flaws on your site and assist you in resolving them. You do not, however, want to use just any plugin for this. You’ll want to use effective plugins if you’re trying to get rid of malware on your site or set up ongoing protection.
To help you, we decided to compile a list of the best WordPress malware removal plugins and came up with a top-six list. Learn how to use these plugins to remove malware from your WordPress site.
MalCare Security Plugin
MalCare provides the quickest malware removal service available. Ticket-based cleaning is available with most WordPress security services. If your website is hacked, you must first submit a ticket, pay the malware removal fee, and then wait for security personnel to clean your site and respond. This is a time-consuming process that entails granting third-party access to your website.
MalCare’s Cleaner works uniquely. Time is of the essence after a hack. The longer it takes, the more likely your website will be blacklisted by Google or suspended by your web host. To clean a hacked website, MalCare offers an instant WordPress malware removal service. All you have to do is press a button, relax, and wait for the plugin to clean your site in a matter of minutes.
How to Use MalCare?
- You must first download and install the MalCare plugin on your website before using it.
- Then go to the MalCare dashboard and add your site. The plugin will begin scanning your website immediately. It will notify you if it discovers any malicious files on your website.
- Using MalCare’s Auto-Clean button, you can clean your site right away.
Wordfence Security Plugin
Wordfence, unlike many other plugins, is updated on a regular basis. This means it guards you against the most recent threats.
Wordfence comes with a full-featured firewall. This means it protects your website from attacks, malware, and backdoor vulnerabilities. Defense Against Threats Wordfence will be armed with the most up-to-date firewall rules, malware signatures, and malicious IP addresses it requires to keep your website safe. Wordfence is the most comprehensive WordPress security solution available, with 2FA and a suite of additional features.
How to use Wordfence Security Plugin?
- Simply press the Start New Scan button to have the plugin.
- Begin performing the series of checks on your site (3).
- When it’s finished, the Results Found (4) tab will show you a long list of potential issues with the site. These are coded green/yellow/red and range in priority from low to high.
- For serious threats, such as hidden malware or unknown files, press the Delete all Deletable Files (5) button, and those will be taken care of for you.
Sucuri Security
This plugin provides website monitoring, malware removal, and all other website security services you might require. In a nutshell, these are the web’s superheroes who will save the day for any website owner.
The Sucuri site check scanner scans your website automatically to ensure it is free of malware, suspicious redirects, iframes, and link injections, among other things. You can manually control how often the scanner checks for malware and blacklisting, as well as content changes in core files, WHOIS changes, and DNS changes. Furthermore, the security scanner ensures that your website is not blacklisted by Google, Norton, PhishTank, Opera, SiteAdvisor, Yandex, and, of course, Sucuri.
How to use Succuri Security?
- Use the Sucuri plugin to scan your system’s core files and replace or delete any that have been modified or are no longer needed.
- Replace all free plugins, reset user passwords, and reset encryption salts using the Sucuri plugin’s Post Hack tab and Site Audit tab.
- Premium plugins should be re-uploaded.
- With a fine-tooth comb, go over the contents of each folder in the wp-content folder (except the individual plugin folders which you would have replaced in step 2 above).
- Evaluate each and every theme file carefully.
- Delete unused themes and plugins.
- Comb through your uploads folder carefully.
- Examine your .htaccess file and any other files in the public HTML folder that you didn’t replace manually.
Protecting Your WordPress Site From Malware in the Future
Keep WordPress up-to-date
WordPress is an open-source program that is updated and maintained regularly. WordPress installs minor updates automatically by default. You must manually start the update for major releases.
WordPress also comes with a library of thousands of plugins and themes that you can use to customize your site. Third-party developers maintain these plugins and themes, and they release updates regularly.
These WordPress updates are critical for your WordPress site’s security and stability. Check to see if your WordPress core, plugins, and themes are all up to date.
Reset user passwords
It’s critical that you change the passwords for all of your WordPress site’s access points. This includes your database, FTP/SFTP, SSH, cPanel, and WordPress user accounts.
For all of your systems, you should keep the number of admin accounts to a bare minimum. Apply the principle of least privilege. Give people only the access they need to complete the task at hand for as long as they need it.
Keep File and Folder Permissions at a Minimum
One of the first things you should do when you realize your site contains malware is reset file and folder permissions to the default settings. Doing so will deny all unauthorized users access to folders and files they’re not supposed to see.
Most importantly, the number of users with access to the site’s server should always be kept at the minimum because having too many team members with admin-level access to a website can compromise its security.
Once you reset file and folder permissions to default settings, the number of wp-content folder permissions should be 755 and the number of file permissions should 644.
Set regular backups
Website backups, like computer backups, should be done on a regular basis. It’s pointless to restore your site from a backup that’s several years old.
Backups should be done on a daily or weekly basis in the best-case scenario. The frequency with which you update your website will determine whether you use daily or weekly updates. If you only publish a single blog post per week, and that’s the only update you make to your site, then weekly backups will suffice.
It’s difficult to imagine how it feels to lose all of your website data until you’ve experienced it firsthand. Whatever the case may be, it isn’t a pleasurable experience. More importantly, it’s something that can be completely avoided if you use the right online backup software.
Get Rid of Symlinks
Although they’re useful, most websites don’t need symbolic or soft links to function properly. Keeping these files on the server can potentially be a liability because hackers can use them as gateways into your website.
Depending on the FTP software you’re using symlinks will either be marked with an arrow in the lower left part of the folder icon or a question mark displayed over a folder icon. You can use the Secure Shell (SSH) to unlock symlinks and make them inaccessible to hackers.
Use official platforms only
Keep in mind that WordPress is an open-source platform, so you shouldn’t be surprised if you encounter unsecured plugins and themes. Because they’re free, these are appealing to new website owners.
The ones in public collections, on the other hand, should not be used. Instead, use plugins from the WP plugin directory, which includes both free and paid plugins. You can also purchase a license from a reputable developer who will keep you up to date with security patches and updates.
Invest in a reliable WordPress hosting service
Server-level firewalls and intrusion detection systems should be installed prior to installing WordPress on the server to ensure that it is well-protected even during the WordPress installation and website development phases. To maintain optimal performance, all software installed on the machine to protect WordPress content should be compatible with the latest database management systems.
Scan your website
You should check your site for malware if you notice a sudden drop in traffic, strange performance issues, or suspicious behavior.
Even if everything appears to be in order, it’s a good idea to run a malware scan on a regular basis.
Some hacks operate invisibly behind the scenes, so webmasters may be unaware that something is wrong. That is until the damage is done, such as Google removing your site from search results due to security issues or being blacklisted, resulting in a significant loss of revenue and reputation.
That’s why it’s critical to scan your website for malware on a regular basis.
Enable WordPress firewall
Setting up a web application firewall is another important WordPress security measure (WAF). Your WAF is the first line of defense against malicious attacks, stopping them before they reach your website.
WordPress firewall plugins defend your site from hacking, brute-force attacks, and DDoS attacks.
Make Sure You Have an SSL Certificate Installed
This is a basic but essential security measure for most websites. It safeguards data by encrypting the data you and your users use and transfer via a website. For example, when someone submits a contact form or uses login in web pages, the transferred data remains encrypted. With SSL installed on a website, secure login can be ensured even while traveling. While some hosts and hosting plans provide this for free, others require you to use a separate SSL plugin for that purpose.
Frequently Asked Questions about Removing Malware From a WordPress Website
How Do I Check for Malware on My WordPress Website?
Detecting malware manually is difficult and there’s a high chance you’ll miss some of the signs that indicate your site is infected. Using a URL scanner is a more efficient option that can help you find out if your website was flagged for malware.
Alternatively, you can install a malware removal plugin and use it to check if your WordPress website has a virus or malicious software. These plugins have the Scan function that enables them to analyze all website files and detect harmful ones.
Some malware removal plugins for WordPress allow users to adjust scanning frequency and decide if they want to perform scans daily or weekly.
How Do I Remove a Virus From My WordPress Site for Free?
You can download Sucuri Security, Wordfence Security, and MalCare Security plugins from the WordPress plugin repository for free.
These plugins let you scan your site and delete all detected viruses. All you need to do is navigate to the malware removal plugin’s panel on your website’s dashboard, click the Scan button, and delete all infected files.
What ’s more, some plugins have the Auto-Clean option that deletes all suspicious files as soon as the scanning process is completed.
Deleting a virus from a WordPress site manually doesn’t have to cost you a cent if you’re prepared to dedicate enough time and effort to identifying and solving the problem.
How Do I Manually Remove Malware from My Website?
You shouldn’t attempt to manually remove malware from your website unless you’re a seasoned coder who can recognize malware code.
The process starts with taking the site offline and preventing the malware from spreading. Afterward, you must detect the root of the problem and replace the infected files. Hence, you must either use the site’s backup or reinstall the WordPress core files.
It’s advisable to create backups whenever you alter a file in the site’s database so that you can go back to an earlier version of your website in case something goes wrong. Finally, you must test if all functions work before putting a site back online.
How Do I Remove Malware from My WordPress Site’s cPanel?
You should start by scanning a website for malware. Once you determine a site is infected, you should go to the cPanel and change your login credential to eliminate the chances of further cyberattacks.
- Proceed to download the WordPress to a local drive, extract the file and delete everything except the wp-content folder and wp-config.php file
- Open the wp-content folder using the cPanel’s File Manager and delete the Plugins folder and the index.php file.
- Open the wp-config.php file with File Manager.
- Search for malicious code and delete it
- Reinstall the WordPress core files.
Wrapping Up!
Being proactive about your website’s security is your best defense as cybercrime and malware evolve. Whether you use manual methods to check for malware or use an automatic website scanner, learning the various ways to look for malware will help your website become more secure.
Incorporating all the information above will make an extreme, positive impact on your business/website. Learn more about caring for your website by following us.
Backing up WordPress is really essential for every WordPress users. Everyone who has ever lost any data knows the importance and value of a good backup.
Backup can save wordpress haked blogs very easily and after restoring the backups we can find the loop holes in themes or plugins or anyother effected scripts.
Thanks for sharing this useful article.
Good stuff, Noumaan.
Restoring the blog is a good option to get the website up at the earliest state but one should make sure to investigate the malware / viruses. Last year, one of my blogs got hacked, it was an malware script that was sucking up all the search engine traffic. So, it’s important that one should investigate the malware and remove it.
Thanks @disqus_uduH8VgnvP:disqus , I had a hacked website too I restored backup but the malware was still there so in the end I had to find it and fix it manually. It was also a great learning experience for me.
@google-1d2b3d424d082c82cb66de6f3b7b668e:disqus was it in just one comment? did you have akismet enabled? Did you approve that comment your blog has comments on auto approve?
We’ve had problems with a particular virus, which would redirect search engine users to their site.
It used wp_encode function. Since then, I’ve always kept backups. Plus we’ve started implementing security hacks in the htaccess file. It has helped a lot.
for backup i use dropbox plugins… 24/7 backup :)
anyway thanks for ur excellent post
Very good post. I will be dealing with some of these issues as well.
.
Or, it was wonderfull, like reinvent the wheel. Dont tell me the tip to investigate and remove malware is yourself investigate and remove the malware?