
How to Remove Malware from WordPress Site

WordPress is the ultimate CMS for anyone who wants to create and manage their own website. It’s open-source, user-friendly, and versatile. Whether you are a beginner or a pro, you’ll find WordPress easy and fun to use.

But there’s a downside to being so popular. WordPress is also a magnet for cyberattacks, especially malware.

Malware is malicious software that hackers create to sneak into your computer network and steal or damage your data or resources. It can ruin your website’s performance, reputation, and security.

That’s why you need to know how to remove malware from your WordPress site as soon as you detect it. In this article, we will show you how to do it in simple steps.

Are you ready?

Let’s dive in!

How to detect Malware in WordPress Site?

To effectively remove malware from a WordPress site, you first need to know how to identify it. Once you have confirmed that malware is present on your site, you can proceed with the steps to remove it.

Here are some ways to find out if your site has malware:

  • Use a security plugin: You can install a security plugin on your WordPress site that can scan for malware. Some examples are Wordfence Security, Sucuri Security, and MalCare. These plugins will look for malware patterns and abnormal files on your site.
  • Monitor your site for changes: You should check your WordPress files and database regularly for any changes that you did not make. You can access your files through your web host or an FTP client. You should also check the user accounts and delete any that you do not recognize.
  • Watch out for suspicious activity: You should review your site’s access logs for any signs of malicious activity, such as multiple login failures or strange requests. You can use a plugin or view the logs through your web host or web server.
  • Scan your site online: You can use an online scanner to check your site for malware. Some examples are VirusTotal and Quttera. These scanners will compare your site with a database of known malware and detect any suspicious code.
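
To illustrate the access-log review described above, the shell function below is an added example (not part of the original article) that counts failed login attempts per client IP. It assumes the combined access log format and that a failed wp-login.php POST returns HTTP 200 while a successful one redirects with 302; failed_logins, sample_log and the log lines are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example: list client IPs with repeated failed WordPress logins.
# Assumes the Apache/Nginx "combined" access log format.
# Assumes a failed wp-login.php POST returns 200 and a successful one 302.

failed_logins() {  # usage: failed_logins <threshold> [access_log ...]
  min=$1
  shift
  awk -v min="$min" '
    # $1 = client IP, $6 = quoted method, $7 = request path, $9 = status
    $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == 200 { n[$1]++ }
    END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
  ' "$@" | sort -rn
}

sample_log() {  # constructed log lines using documentation IP ranges
  cat <<'EOF'
203.0.113.7 - - [10/Jan/2024:03:12:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2024:03:12:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2024:03:12:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2024:03:12:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Jan/2024:09:30:10 +0000] "GET /wp-login.php HTTP/1.1" 200 4410 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Jan/2024:09:30:15 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Jan/2024:09:30:31 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.5 - - [10/Jan/2024:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
EOF
}

# Demo on the constructed sample; pass real log files as extra arguments.
sample_log | failed_logins 3   # prints: 4 203.0.113.7
```

The second client in the sample mistypes a password once and then logs in, so it stays below the threshold; only the address with four consecutive failures is reported.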

9 steps to remove malware from WordPress Site

Once you’ve detected malware, the immediate thing to do is panic…

No, we’re just kidding!

All you need to do is follow a few steps and your site will be up and running in no time!

1. Scan Your WordPress Website

When you see any unwanted activity on your WordPress site, the first thing to do is scan your website. There are plenty of plugins available for malware scanning. You can use any of them to scan your website.

After scanning you will see the status and based on that you can decide what to do next.

2. Backup your WordPress site and database

Now you need to back up your WordPress site and all databases. To do that, go to your hosting account and open cPanel. Then go to your File Manager, click on Select All under public_html, and compress all files.

Then select compress type (Zip Archive) and click on the Compress File button.

All files will be compressed into a zip file within a minute. Now you need to download this zip file. To do so, select the zip file, right-click it, and download it.

Next, you need to back up the website database. To do so, click on phpMyAdmin under Database, select the database you want, and download it to your computer. You are all done!

Remember you should keep a backup of the wp-config.php file, wp-content folder, .htaccess file, and database.

3. Remove all files from public_html folder

After checking your site’s backup, delete all the files in your public_html folder under the File Manager except the cgi-bin folder and any server-related folders. If you have another website hosted on the same server, follow the same process for it as well.

4. Reinstall WordPress and keep up-to-date

61% of WordPress websites are hacked because of outdated versions. Updating your CMS can eliminate vulnerabilities.

Here is a checklist of what needs updating:

  • WordPress version: It is recommended that users should upgrade their WordPress version to the most recent release. To do so go to the website Dashboard and go to the Update section and re-install the latest version.
  • PHP version: Next, update your PHP version once you are done with themes and plugins. Updating the PHP version is essential if you want to secure your website and protect it from malware.
  • WordPress themes and plugins: Reinstall the plugins and themes you need from the website Dashboard. Do not install old versions of your themes or plugins. If the plugin or theme that you want to install is not up to date, go for an alternative.

5. Reset Passwords

Another important thing you should do is change all the passwords that are related to your website.

  • Update the passwords at the administrator level of all users
  • Modify the password of the server panel
  • Change the FTP Credentials even if you don’t use them frequently
  • And eventually, change the user’s password for the database

The last two steps can be done from cPanel or the control panel provided by your hosting company.

If you use cPanel, go to the Database section, click on MySQL Databases, click on Current Users, and then click on Change password. Once you’ve changed it, you need to update it in the wp-config.php file. To do this, paste this code after <?php

/** Database password */
define( 'DB_PASSWORD', 'password_here' );

6. Install security plugins

WordPress sites must be protected from malware by installing WordPress security plugins that identify and mitigate common vulnerabilities like WordPress SSRF (Server-side request forgery) attacks. These plugins can continuously detect and block fraudulent requests, preventing them from exploiting website code vulnerabilities.

7. Switch your hosting service

After you’ve gone through all the trouble of cleaning up your WordPress site, it may be time to look into alternative hosting options. First, contact your existing hosting provider. If they are unable to adequately handle your concerns, it may be time to choose a new hosting provider that offers greater reliability and better customer care.

8. Detect and delete hidden backdoors

Hackers might put backdoors into files to make your WordPress site less secure, so you should clear out any hacked files. A backdoor is usually hidden in a file that has the same name as a regular WordPress file but sits in the wrong path.

You’ll need to check popular files and folders like wp-content/plugins, wp-content/uploads, and wp-content/themes to find and close any hidden backdoors on your WordPress site. When checking these files, you should look for a number of PHP functions such as:

  • base64
  • gzuncompress
  • assert
  • stripslashes
  • move_uploaded_file
  • str_rot13
  • system
  • preg_replace (with the /e modifier)
  • exec
  • eval

The following command searches your PHP files for specific suspicious function calls, which may point to backdoors or malicious code within your WordPress files.

find . -type f -name '*.php' -print0 | xargs -0 grep -Ei "(mail|fsockopen|pfsockopen|stream_socket_client|exec|system|passthru|eval|base64_decode) *\("

Using this command, you can determine if .jpg image files have been manipulated with PHP code, potentially indicating the presence of backdoors or malicious content.

find wp-content/uploads -type f -iname '*.jpg' -print0 | xargs -0 grep -i php

This command helps to identify whether any PHP files contain HTML <iframe> elements, which can be used by attackers to embed malicious content or links within a website.

find . -type f -name '*.php' -print0 | xargs -0 grep -i '<iframe'
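
The checks in this step can be combined into a single triage pass. The script below is an added example, not code from the original article: scan_wp, make_fixture and the sample tree are hypothetical names and constructed data, and it assumes PHP scripts are not expected under wp-content/uploads. It also narrows the function-call pattern so that names such as curl_exec( are not reported.

```bash
#!/usr/bin/env bash
# Added example: triage a WordPress tree for the backdoor indicators above.
# Every hit is a lead for manual review, not proof of compromise.

# Function names taken from the page's list. The leading character class
# avoids matching inside longer names such as curl_exec(.
CALLS='(^|[^A-Za-z0-9_])(eval|assert|exec|system|passthru|base64_decode|gzuncompress|str_rot13) *\('
UPLOADS='wp-content/uploads'

scan_wp() {  # usage: scan_wp <wordpress_root>
  # 1. PHP scripts in the media directory (assumption: none are expected).
  find "$1/$UPLOADS" -type f -iname '*.php' 2>/dev/null |
    sed 's/^/PHP_IN_UPLOADS /'
  # 2. Image files (.jpg as on the page, plus .png) with a PHP open tag.
  find "$1/$UPLOADS" -type f \( -iname '*.jpg' -o -iname '*.png' \) \
    -exec grep -liF '<?php' {} + 2>/dev/null | sed 's/^/PHP_IN_IMAGE /'
  # 3. PHP files with suspicious calls, most matching lines first.
  find "$1" -type f -name '*.php' -exec grep -EicH "$CALLS" {} + |
    awk -F: '$NF > 0 { c = $NF; sub(/:[0-9]+$/, ""); print "CALLS", c, $0 }' |
    sort -k2,2nr
}

make_fixture() {  # constructed sample tree; prints its path
  d=$(mktemp -d)
  mkdir -p "$d/$UPLOADS/2024" "$d/wp-content/plugins/demo" "$d/wp-includes"
  printf '<?php\n$r = curl_exec($ch);\n' \
    > "$d/wp-includes/clean.php"
  printf '<?php\n$c = base64_decode($blob);\neval($c);\n' \
    > "$d/wp-content/plugins/demo/class cache.php"
  printf 'JFIF-constructed-bytes <?php /* placeholder */ ?>\n' \
    > "$d/$UPLOADS/2024/photo.jpg"
  printf 'JFIF-constructed-bytes only\n' > "$d/$UPLOADS/2024/ok.jpg"
  printf '<?php // placeholder\n' > "$d/$UPLOADS/2024/thumb.php"
  echo "$d"
}

fixture=$(make_fixture)
scan_wp "$fixture"   # point scan_wp at your own public_html instead
rm -rf "$fixture"
```

Each output line starts with the indicator type, so the report can be sorted or filtered before you open the flagged files and compare them with a clean copy.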

9. Remove security warnings from Google Console

After completing all the steps mentioned above, your WordPress site should be free of malware. Now, simply reindex your site with Google.

Utilize Google Search Console by heading to Security & Manual Actions -> Security issues. Opt for “I have fixed these issues” and request a review for Google to assess and reindex your site. 

Note that Google’s processing might take a few days.

Protect your WordPress site from future malware attacks

So, you have learned how to remove malware from a WordPress site, but that’s not the end of the story. Malware can strike again if you don’t take precautions. How can you avoid becoming a victim of malware again? Here are some tips to follow:

  • Ensure regular updates of your WordPress core, plugins, and themes to maintain security, fix bugs, and prevent potential exploitation by hackers
  • Use strong passwords and permissions in WordPress, apply unique credentials for admin, FTP, and database
  • Install a security plugin to scan for malware, block malicious requests, and enhance site protection
  • Use SSL/HTTPS to encrypt the data between your website and your visitors’ browsers
  • Back up your site regularly so you can restore it in case of a malware attack or any other disaster
  • Back up your site files and database regularly and store them in a safe location
  • Limit user access and roles to prevent unauthorized changes

We hope this helps you keep your website safe and secure from malware attacks. If you have any questions or feedback, let us know in the comments!
