July 7, 2021 by Paul G. | WordPress Solutions

Easy How-To Guide For Removing Malware From Your WordPress Website


Malware can be a word that sends chills down your spine, but it is something that you should not be afraid of. If malware has infected your website files or database, then there are steps you can take to clean up the malware and get back on track with running your business. In this blog post, we will discuss how to remove malware from WordPress websites in order to make sure that everything is clean and safe for visitors again!

What to do if you can still log in to your WordPress admin panel

Step One: Check If Your Website Is Hacked

If you don’t have a security system in place that alerts you to malware, there are a couple of simple manual ways to check whether your website has been hacked.

  1. Visit the WordPress admin login page by going to your URL followed by “/wp-login”. If WordPress does not allow you access and redirects you to another page or domain, someone may have hacked your site and you will need to follow the steps below.
  2. If WordPress does not allow you access to your site’s URL at all and it redirects to another page or domain, someone may have hacked your site and you will need to follow the steps below.

Since you shouldn’t leave your website unprotected, we recommend having a security solution installed at all times. Preferably you’d want one that automatically scans, cleans, and repairs your site, such as the ShieldFREE and ShieldPRO plugins. When malware is found, they also log the infection so you can see what is actually going on with your site.

Step Two: Make Sure That All Updates Are Installed

The first step in removing malware from WordPress websites is to make sure that all updates are installed. Updating applies security patches and closes known vulnerabilities in the WordPress software itself, which helps to prevent a problem before it happens.

To update your WordPress site, visit the WordPress dashboard. From there click on “Updates”, then select the plugins that need updating (if applicable), and finally click on “Update Plugins Now.”

On that same updates screen, if any theme needs updating or if there is an update for WordPress itself be sure to update them.

A good security measure is to reinstall your WordPress version if you think there might be a malware injection.

Step Three: Disable Plugins And Temporarily Delete Additions On-Site

In order to properly diagnose where the malware could be coming from, it is important to temporarily disable any WordPress plugins or additions that your website uses. To do this visit the WordPress dashboard. From there click on Plugins from the sidebar menu. Find all of the WordPress plugins you are using and then follow their instructions for disabling them in order to clean up malware.

What to do if you cannot log in to your WordPress admin panel or install a security plugin

If you have a backup

  • Restore your files and database with a backup that allows you to log in and access the WordPress dashboard

If you don’t have a backup

  • Download/take a backup of your files in the /wp-content folder and then download a backup of your database
  1. Change all passwords for backend credentials immediately
  2. Log in using FTP software if allowed; delete any malware found before restoring previous uploads of clean content
  3. Check file permissions settings and make sure they are what they should be or set them up according to standard values if necessary.
  4. Using WordPress or another web editor, disable the plugins that are not currently in use on-site
  5. If you need to completely clean your codebase or you can’t find all the infected files:
    1. The easiest way to clean your codebase is to download the latest version of WordPress
    2. Download/save these core files from your hacked website:
      1. wp-content/uploads folder
      2. If you have a child theme, download its folder & files
      3. If you have a custom plugin(s), download its folder & files
      4. In the root directory, your wp-config.php file
      5. In the root directory, your .htaccess file
    3. Be sure to check all of the files you downloaded for malicious code. If you find anything abnormal, back up that file, then remove the code from the infected files before you save them.
    4. Change your security keys:
      1. Open your wp-config.php file and use the online generator to generate new keys for the file. You don’t have to remember the keys, just make them long, random and complicated.
      2. You can change these at any point in time to invalidate all existing cookies.
      3. This does mean that all users will have to log in again.
    5. Once you have all the above core files in a safe location, have checked them for malware and have changed the security keys, delete all the files from the root directory of your website.
    6. After you delete all the files, upload the fresh WordPress files in the root directory.
    7. When the WordPress files are done uploading, upload the core files you saved from your hacked website to the appropriate directory in your codebase.
    8. Once all the files are uploaded, you should be able to log in to your site. If not, check your .htaccess file for any redirects or settings that might hinder it. Sometimes you might have to use the basic .htaccess file until you get your website up and running.
    9. Since you did not reupload your plugin files, you might need to reinstall them fresh from the WordPress repository in the Plugins menu. The ones missing should be listed when looking at your plugins page. Be sure to save that list, or reference your backup files to see which ones you need to reinstall. Try not to reupload old plugin files, as they might be infected with malware.
  6. Choose new usernames and passwords for your WordPress admin users
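
The file checks in steps 3 and 5.3 and the .htaccess check in step 5.8 can be partly automated before anything is re-uploaded. The Python script below is an added example, not part of the original post and not Shield's scanner; its patterns, the 644 file-mode baseline and the sample tree built by demo() are assumptions chosen for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristics (assumed, not exhaustive): eval of decoder output; .htaccess redirect to an absolute URL.
OBFUSCATED = re.compile(rb"(eval|assert)\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I)
EXT_REDIRECT = re.compile(rb"^\s*(RewriteRule|Redirect\w*)\b.*https?://", re.I | re.M)
PHP_EXT = {".php", ".phtml", ".phar"}


def triage(root):
    """Return sorted (relative_path, reason) findings for regular files under root."""
    root, findings = Path(root), []
    for path in root.rglob("*"):
        if path.is_symlink() or not path.is_file():
            continue
        rel = path.relative_to(root)
        name, is_php = rel.as_posix(), path.suffix.lower() in PHP_EXT
        data = path.read_bytes() if is_php or path.name == ".htaccess" else b""
        if path.stat().st_mode & 0o022:  # looser than the usual 644
            findings.append((name, "writable by group or other"))
        if is_php and "uploads" in rel.parts[:-1]:
            findings.append((name, "PHP file inside uploads"))
        if is_php and OBFUSCATED.search(data):
            findings.append((name, "eval of decoded data"))
        if path.name == ".htaccess" and EXT_REDIRECT.search(data):
            findings.append((name, "redirect to absolute URL"))
    return sorted(findings)


def demo():
    samples = [  # (path, mode, content): harmless data constructed for this example
        ("wp-config.php", 0o666, b"<?php define('DB_NAME', 'wp');\n"),
        ("wp-content/uploads/2021/07/logo.png", 0o644, b"\x89PNG constructed"),
        ("wp-content/uploads/2021/07/cache.php", 0o644, b"<?php eval(base64_decode('ZWNobyAxOw=='));"),
        (".htaccess", 0o644, b"RewriteRule ^ http://example.invalid/ [R=302,L]\n"),
    ]
    with tempfile.TemporaryDirectory() as tmp:
        for rel, mode, body in samples:
            target = Path(tmp) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
            target.chmod(mode)
        return triage(tmp)


if __name__ == "__main__":
    for name, reason in demo():
        print(f"{reason:28} {name}")
```

Point triage() at the folder holding the files you saved from the hacked site. An empty result only means none of these heuristics fired, so the manual review in step 5.3 still applies.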

Resources

Backup plugins/services:

  1. Updraft
  2. Back WP Up
  3. Your hosting provider
    1. We have a full comparison of our top options with features. Click here to read.

Malware removal plugins/services:

  1. Click here to read our full comparison of the top malware removal and security plugins.
  2. If you don’t want to read it, our ShieldFREE and ShieldPRO plugins offer the best overall security measures and pricing so that you don’t have to worry about your website going down from a hack. It scans and cleans your site automatically for you!

If you have further questions about anything in particular here just shoot us a message or leave a comment on this post!

To get quick help and advice from your Shield community, jump into our Facebook group.

Until next time.

Paul and the team.


Comments (2)

    Do you scan and clean malware with the Pro version?

      Hi,

      Shield’s Malware scanner will examine every single PHP file on your site (WP core, plugins, themes – including premium ones).

      If there’s code in there that could be malicious, it gets flagged. You can schedule the scanner to run, remove, and repair files automatically as often as every hour.

      Thanks,

      Jelena
