Malware can be a word that sends chills down your spine, but it is something that you should not be afraid of. If malware has infected your website files or database, then there are steps you can take to clean up the malware and get back on track with running your business. In this blog post, we will discuss how to remove malware from WordPress websites in order to make sure that everything is clean and safe for visitors again!
What to do if you can still log in to your WordPress admin panel
Step One: Check If Your Website Is Hacked
If you don’t have a security system in place that alerts you to malware, there are a couple of simple manual ways to check whether your website has been hacked.
- Visit the WordPress dashboard (“admin”) by going to your URL followed by “/wp-login”. If WordPress does not allow you access and redirects you to another page or domain, this means that someone may have hacked WordPress and you will need to follow the steps below.
- If WordPress does not allow you access to your site’s url at all and it redirects to another page or domain, this means that someone may have hacked WordPress and you will need to follow the steps below.
Since you shouldn’t leave your website unprotected, we recommend having a security solution installed at all times. Preferably you’d want one that automatically scans, cleans, and repairs your site, such as the ShieldFREE and ShieldPRO plugin. When malware is found they also log the infection so you can see what is actually going on with your site.
Step Two: Make Sure That All Updates Are Installed
The first step in removing malware from WordPress websites is to make sure that all updates are installed. Updating WordPress applies patches for security vulnerabilities in the WordPress software itself, which helps to prevent a problem before it happens.
To update your WordPress site visit the WordPress dashboard. From there click on “Updates”, then select how many plugins need updating (if applicable), and finally click on “Update Plugins Now.”
On that same updates screen, if any theme needs updating or if there is an update for WordPress itself be sure to update them.
A good security measure is to reinstall your WordPress version if you think there might be a malware injection.
Step Three: Disable Plugins And Temporarily Delete Additions On-Site
In order to properly diagnose where the malware could be coming from, it is important to temporarily disable any WordPress plugins or additions that your website uses. To do this visit the WordPress dashboard. From there click on Plugins from the sidebar menu. Find all of the WordPress plugins you are using and then follow their instructions for disabling them in order to clean up malware.
What to do if you cannot log in to your WordPress admin panel or install a security plugin
If you have a backup
- Restore your files and database with a backup that allows you to log in and access the WordPress dashboard
If you don’t have a backup
- Download/take a backup of your files in the /wp-content folder and then download a backup of your database
- Change all passwords for backend credentials immediately
- Log in using FTP software if allowed; delete any malware found before restoring previous uploads of clean content
- Check file permissions settings and make sure they are what they should be or set them up according to standard values if necessary.
- Using WordPress or another web editor, disable the plugins that are not currently in use on-site
- If you need to completely clean your codebase or you can’t find all the infected files:
- The easiest way to clean your codebase is to download the latest version of WordPress
- Download/save these core files from your hacked website:
- wp-content/uploads folder
- If you have a child theme, download its folder & files
- If you have a custom plugin(s), download its folder & files
- In the root directory, your wp-config.php file
- In the root directory, your .htaccess file
- Be sure to check all of the files you downloaded for malicious code. If you find anything abnormal, back up that file, then remove the code from the infected files before you save them.
- Change your security keys:
- Open your wp-config.php file and use the online generator to generate new keys for the file. You don’t have to remember the keys, just make them long, random and complicated.
- You can change these at any point in time to invalidate all existing cookies.
- This does mean that all users will have to log in again.
- Once you have all the above core files in a safe location, checked them for malware and changed the security keys, delete all the files from the root directory of your website.
- After you delete all the files, upload the fresh WordPress files in the root directory.
- When the WordPress files are done uploading, upload the core files you saved from your hacked website to the appropriate directory in your codebase.
- Once all the files are uploaded, you should be able to log in to your site. If not, check your .htaccess file for any redirects or settings that might hinder it. Sometimes you might have to use the basic .htaccess file until you get your website up and running.
- Since you did not reupload your plugin files, you might need to go and reinstall them fresh from the WordPress repository in the Plugins menu. The ones missing should be listed when looking at your plugins page. Be sure to save that list, or reference your backup files to see which ones you need to reinstall. Try not to reupload old plugin files; they might be infected with malware.
- Choose new usernames and passwords for your WordPress admin users
- Back WP Up
- Your hosting provider
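One way to triage the files saved from the hacked site before uploading them again, as an added example that is not part of the original post or of the Shield plugins: the heuristics and the names `scan_tree` and `demo` are assumptions for illustration, the sample tree is constructed, and a clean result does not prove a file is safe.

```python
import re
import tempfile
from pathlib import Path

# Heuristics chosen for this example (assumptions, not a complete signature set).
PHP_EXT = {".php", ".phtml", ".phar"}
MEDIA_EXT = {".png", ".jpg", ".jpeg", ".gif", ".ico"}
PATTERNS = {
    "eval-of-decoded-data": re.compile(
        rb"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "request-input-executed": re.compile(
        rb"(eval|assert|system|passthru|shell_exec)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)", re.I),
}

def scan_tree(root):
    """Return (relative_path, reason) findings for files saved from the site."""
    root, findings = Path(root), []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root)
        ext = path.suffix.lower()
        data = path.read_bytes()
        # uploads/ should hold media only, so any PHP file there needs review.
        if "uploads" in rel.parts[:-1] and ext in PHP_EXT:
            findings.append((rel.as_posix(), "php-file-in-uploads"))
        # PHP code hidden behind an image extension.
        if ext in MEDIA_EXT and b"<?php" in data.lower():
            findings.append((rel.as_posix(), "php-code-in-media-file"))
        for reason, pattern in PATTERNS.items():
            if pattern.search(data):
                findings.append((rel.as_posix(), reason))
    return findings

def demo():
    """Scan a constructed sample tree (not real site data) and return the findings."""
    samples = {
        "wp-config.php": b"<?php define('DB_NAME', 'example');",
        "wp-content/uploads/2024/01/logo.png": b"\x89PNG constructed image bytes",
        "wp-content/uploads/2024/01/cache.php": b"<?php eval(base64_decode('ZWNobyAxOw=='));",
        "wp-content/themes/child/functions.php": b"<?php add_action('init', 'child_setup');",
        "wp-content/themes/child/favicon.ico": b"GIF89a<?php /* constructed marker */ ?>",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, content in samples.items():
            target = Path(tmp, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(content)
        return scan_tree(tmp)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:24} {rel}")
```

Point `scan_tree` at the local folder holding the downloaded wp-content/uploads, child theme, custom plugin, wp-config.php and .htaccess files, and review every flagged file by hand before it goes back on the server.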
Malware removal plugins/services:
- Click here to read our full comparison of the top malware removal and security plugins.
- If you don’t want to read it, our ShieldFREE and ShieldPRO plugins offer the best overall security measures and pricing so that you don’t have to worry about your website going down from a hack. It scans and cleans your site automatically for you!
If you have further questions about anything in particular here just shoot us a message or leave a comment on this post!
To get quick help and advice from your Shield community, jump into our Facebook group.
Until next time.
Paul and the team.