So the first thing you need to do to remove malware from WordPress is calm down and take a deep breath. Yes this is not a fun topic to talk about but the good news is we are going to provide you some details and some easy steps to get your site clean and running smoothly again. Does that sound like a good plan?
So before we dive into these quick steps let’s talk a little bit about WordPress infections. A lot of people out there will say that WordPress is not a stable platform and gets infected all the time. Let’s just stop that type of negative talk right now. WordPress at its core is a very safe and secure platform. What makes it unsafe and vulnerable is the third-party plugins and themes that people install and activate on their site. Many of these plugins and themes either are not updated and supported regularly or in some really bad cases the developer of these third-party plugins and themes will inject malicious code in order to infect your website.
Many times a WordPress website will get infected because the owner or the manager of the site is simply not completing their software updates. Keeping the software that runs on your WordPress website updated is so important to the safety and security of the website as a whole. Not doing so can create vulnerabilities which will allow hackers an easy way to get into your website files and your database and cause harm. It is also important you meet the hosting requirements for WordPress.
Let us also clear up the fact that there is no website that is completely safe from harm online. If there is a website that people can access in a browser on the Internet, that website could potential be hacked and infected with malware. So just to clarify what we just stated, the only website that would ever be 100% safe from a malware attach would be a website that is not online. Furthermore attackers are getting more and more advanced in how they target and infect a website. This is why it is so important for you to take the security of your site very seriously. Many people think about WordPress security after something bad happens. We want to educate you and keep you informed so you can be proactive in your WordPress security efforts so that you are not dealing with it after something bad happens but rather before.
So let’s get into the five quick steps that you can take action on right away to clear an infection from your WordPress site. And after we do so we are going to provide you some more information that will help you keep your site safe and secure from future attacks. Let’s get into it.
So the below steps are laid out in a way for you to take action immediately. These steps are outlined and useful only if your website is still accessible online. What we mean by this is that your hosting company has not disabled your account. In some situations a hosting company, once they have identified your website is infected, will shut it down. This means that it will not be accessible online and they do this so that the site does not infect other websites of customers on the same server. If your site has been disabled by your hosting company please click on the URL below to follow a different article that we wrote about the quickest way that you can get that block removed and get your website back up and running and remove malware from WordPress.
Steps to Remove Malware from WordPress
Step 1: Ask You Hosting Company To Help
So this is the very first step that you should always take in a situation like this. We all pay either a monthly or an annual fee to our hosting company to host and serve our website online to our visitors. With this payment that we give them, it gives us support. We need to take advantage of that support when we are in a situation where our WordPress website is not functioning as it should be.
Your hosting company should be the first line of communication when you are trying to remove malware from WordPress. Simply contact them and ask them to do a scan of your hosting account to return the results of the malicious files that are infected with malware. In some cases you may even be paying for a service that will include cleaning out all of the infections in your account. In other cases they may have a service that you can purchase to do so. This is the time where we also want to say that we have our own service which will do exactly what any other infection cleanup services offer at a very affordable price. See details at WordPress Malware Removal Service.
Step 2: Audit Your Server Files
So let us assume that step one here was not enough to get your website fully clean and remove all the WordPress malware. Now you need to take some action on doing this yourself. The first thing you want to do is you want to look at all the files that are within your hosting account. There are two locations were a hacker can inject malicious code. The first location is the actual files that your website uses to function or any of the files that reside on your server inside of your hosting account. The other area where a hacker can infect your site with malware is inside of the database. The database of your WordPress site is the area that stores all the information and the content for your website.
In this step you are simply going to want to look at all the files within your hosting account. Now most hosting accounts have a control panel or a cPanel. In this area you can access what is called a file manager. This will give you an in-depth look at all the files that are within your hosting account. You need to audit these folders and these files and decipher what is actually being used for your website and what you have no idea is and should not be there. The files that are not needed or not recognized need to be deleted.
If you are unsure what you are looking at and what you need it’s important that you work with somebody that can do this for you or has the exact information so you do not delete something that needs to be used in order for your website to function.
For information on the file structure for a install of WordPress see please see the URL below.
Step 3: Re-Install WordPress Core Files
All right we are getting closer to a clean and secure well functioning WordPress website. In this step we are going to make sure that our core WordPress files are the most updated version and contain absolutely nothing malicious.
What you will need to do in this step is remove all of the WordPress core files and then reinstall a fresh copy.
This is where it might get a little difficult for the beginner user. No need to worry though as we put together a very detailed article on a few different ways of how you can install WordPress core files. Please see this article in detail at the URL below.
Step 4: Scan Entire Hosting Account For Malware
This is so cool as we are nearing the homestretch of having a clean and secure WordPress website. You see we told you at the beginning that it was not gonna be that hard to remove malware from WordPress.
So at this point we have made certain that all of our core WordPress files are clean and do not have any malicious code within them. That doesn’t leave us safe with all the other files that are on the server and the database that is being used to run the website. So in order to check all of those we need to run an infection scan on the server and the database.
Follow the steps below to complete an on site scan:
- Install a plugin called “FREE WordPress Infection Scanner Plugin“
- Activate plugin and head over to scan settings
- Run full scan and quarantine files that return as threats
Step 5: Enhance Your Site Security
OK we are on the very last step of how to remove malware from WordPress. Give yourself a pat on the back for making it through the first four steps. Great work. Now this step is actually the most important. This is going to ensure that our website is more protected and not as vulnerable as it was before when it was infected. It is so important that you put a lot of focus and energy into this step.
One of the biggest things that you can do to protect your website from future infections is to change all of the password login information that has to do with every single account related to your website. This not only includes the login to your actual website administrative area but also the login details to your hosting company and to your database. Also f you are using any type of extra service that is tied or connected to your website make sure that you change all of the password information to these accounts. If you have other users beside yourself in any of the accounts related to your website you need to also change the passwords on those as well.
It is also very important that your website is loading in HTTPS. This has many security benefits and not only will it help secure your website from future attacks it will also help serve the website faster online.
Please pay close attention to the list of items below that will further protect and secure your website so you will never have to deal with how to remove malware from WordPress ever again.
Items you MUST complete to further protect from future infections :
- Audit list of website users and remove any you do not recognize
- Change passwords of all remaining users
- Audit list of FTP users and remove any you do not recognize (make sure you know how to do this as you can delete your site if not)
- Change FTP passwords of all remaining users
- Kill all FTP connections to the site (please ask your hosting company if you are unsure what this is)
- If you have a web hosting panel, change the password
- Run a local infection scan on your computer (if you do not have a malware scanner use free software at https://www.malwarebytes.org/dl-confirm)
If this all seems a bit overwhelming for you and too much work to take on yourself we have a service that we can jump into action right away and get your website cleaned and secure. Please see the details below and we look forward to answering any questions you have in the comment area below. Carry-on and happy WordPress-ing.