Malware can be a word that sends chills down your spine, but it is something that you should not be afraid of. If malware has infected your website files or database, then there are steps you can take to clean up the malware and get back on track with running your business. In this blog post, we will discuss how to remove malware from WordPress websites in order to make sure that everything is clean and safe for visitors again!
What to do if you can still log in to your WordPress admin panel
Step One: Check If Your Website Is Hacked
If you don’t have a security system in place that alerts you of malware there are a couple of simple manual ways that you can check to see if your website has been hacked.
- Visit the WordPress dashboard by going to “admin” with your URL followed by “/wp-login”. If WordPress does not allow you accesss and redirects back to another page or domain, this means that someone may have hacked WordPress and you will need to follow the steps below.
- If WordPress does not allow you access to your site’s url at all and it redirects to another page or domain, this means that someone may have hacked WordPress and you will need to follow the steps below.
Since you shouldn’t leave their website unprotected, we recommend having a secuirty solution installed at all times. Preferably you’d want one that automatically scans, cleans, and repairs your site such as the ShieldFREE and ShieldPRO plugin. When malware is found they also log the infection so you can see what is actually going on with your site.
Step Two: Make Sure That All Updates Are Installed
The first step in removing malware from WordPress websites is to make sure that all updates are installed. Updating WordPress can help you remove any security vulnerabilities and patches for the WordPress software itself, which helps to prevent a problem before it happens.
To update your WordPress site visit the WordPress dashboard. From there click on “Updates”, then select how many plugins need updating (if applicable), and finally click on “Update Plugins Now.”
On that same updates screen, if any theme needs updating or if there is an update for WordPress itself be sure to update them.
A good security measure is to reinstall your WordPress version if you think there might be a malware injection.
Step Three: Disable Plugins And Temporarily Delete Additions On-Site
In order to properly diagnose where the malware could be coming from, it is important to temporarily disable any WordPress plugins or additions that your website uses. To do this visit the WordPress dashboard. From there click on Plugins from the sidebar menu. Find all of the WordPress plugins you are using and then follow their instructions for disabling them in order to clean up malware.
What to do if you can not log in to your WordPress admin panel or install a security plugin
If you have a backup
- Restore your files and database with a backup that allows you to log in and access the WordPress dashboard
If you don’t have a backup
- Download/take a backup of your files in the /wp-content folder and then download a backup of your database
- Change all passwords for backend credentials immediately
- Log in using FTP software if allowed; Delete any malware found before restoring previous uploads of clean content
- Check file permissions settings and make sure they are what they should be or set them up according to standard values if necessary.
- Using WordPress or another web editor, disable the plugins that are not currently in use on-site
- If you need to completely clean your codebase or you can’t find all the infected files:
- The easiest way to clean your codebase is to download the latest version of WordPress
- Download/save these core files from your hacked website:
- wp-content/uploads folder
- If you have a child theme download it’s folder & files
- If you have a custom plugin(s) download it’s folder & files
- In the root directory, your wp-config.php file
- In the root directory, your .htaccess file
- Be sure to check all of the files you downloaded for malicious code. If you find anything abnormal, backup that file then remove the code from the infected files before you save them.
- Change your security keys:
- Open your wp-config.php file use the online generator to generate new keys for the file. You don’t have to remember the keys, just make them long, random and complicated.
- You can change these at any point in time to invalidate all existing cookies.
- This does mean that all users will have to login again.
- Once you have all the above core files in a safe location, checked them for malware and changed the secuirty keys, delete all the files from the root directory of your website.
- After you delete all the files, upload the fresh WordPress files in the root directory.
- When the WordPress files are done uploading, upload the core files you saved from your hacked website to the appropriate directory in your codebase.
- Once all the files are uploaded, you should be able to login to your site. If not, check your .htaccess file for any redirects or settings that might hinder it. Sometimes you might have to use the basic .htaccess file until you get your website up and running.
- Since you did not reupload your plugin files, you might need to go and reinstall them fresh from the WordPress repository in the Plugins menu. The ones missing should be listed when looking at your plugins page. Be sure to save that list, or reference your backup files to see which ones you need to reinstall. Try not reupload old plugin files, they might be infected with malware.
- Choose new usernames and passwords for your WordPress admin users
- Back WP Up
- Your hosting provider
Malware removal plugins/services:
- Click here to read our full comparison of the top malware removal and security plugins.
- If you don’t want to read it, our ShieldFREE and ShieldPRO plugins offer the best overall security measures and pricing so that you don’t have to worry about your website going down from a hack. It scans and cleans your site automatically for you!
If you have further questions about anything in particular here just shoot us a message or leave a comment on this post!
To get quick help and advice from your Shield community, jump into our Facebook group.
Until next time.
Paul and the team.
Have been using for a couple of years now and have had no problems.
Simply the best security plugin I ever tried
I can’t believe this is free. I’ve tried all the security plugins and even paid $60 for a premium one, and this is by far the very best. Can’t recommend it highly enough.
Well… Now this is a thing!
Started using this to build a website for my wife’s company. And now I keep trying to think of something else I make a site for. Love Worpress
Many thanks for this plugin. Love much
Hey there gorgeous! Do you like what you've read here? :)
If this cool feature is something you'd like, but you haven't gone PRO yet, click here to get started today. (no risk, with a 14-day satisfaction guarantee!)
You'll get all PRO features, including Malware Scanning, WP Config Protection, Plugin FileGuard, import/export, customer support, and so much more. Not only that, you'll get that warm, fuzzy feeling that comes from supporting our work and future development.
Do you scan and clean malware with de Pro version?
Shield’s Malware scanner will examine every single PHP file on your site (WP core, plugins, themes – including premium ones).
If there’s code in there that could be malicious, it gets flagged. You can schedule the scanner to run, remove, and repair files automatically as often as every hour.
If wp is installed in a directory and malware is getting placed in the index file in the root, can security plugins or app firewalls prevent the uploads of malware to the root?
The Malware scanner will discover all sorts of malware patterns embedded in your PHP files, wherever they’re hidden on your WordPress site.
It focuses on the following:
– automatic repair of WordPress core files
– automatic repair of WordPress.org plugins and themes
If your index.php file is modified – infected with malware, it’ll be detected by the scanner instantly. Scanner will also detect malware files injected into root. Here are examples (modified/malware infection in the index.php file and malware file injected to the root /public folder):
If you’d like to get more information about our Malware Scanner, please feel free to check out our blog post here.