October 20, 2021 by Paul G. | Blog, Malware, Security, WordPress Solutions

Easily Remove the Favicon.ico Virus From Your WordPress Website

Recently, many WordPress website owners have been receiving a malicious Favicon.ico virus on their websites which has caused them to be shut down by hackers. The Favicon.ico virus is a malware that inserts itself into your website’s database and begins redirecting visitors away from your site without permission! In this blog post, we will show you how to remove the Favicon.ico Virus from your WordPress Website in less than 5 minutes!

What is Favicon.ico Malware??

Favicon.ico is a malicious virus that installs itself and changes your website’s favicon (the little image next to the site title) as well as inserts code into header, footer, or index files of all installed WordPress themes on your website.

Once Favicon.ico malware has been injected onto your web pages it will automatically inject unwanted advertisements from outside sources such as ad networks like Google Adsense, Chitika etc. which can cause serious damage to traffic revenue!

It may also redirect visitors away from your blog by sending them off to adult websites via affiliate links in an effort for hackers to profit even more at the expense of you having lost money through payments made for these fraudulent purchases.

How Did I Get A Favicon.ico Virus?

WordPress websites are not safe from this malware as it is capable of affecting all themes and plugins. The Favicon.ico virus can infect your site through one or multiple vulnerabilities in WordPress which allows hackers access to the backend of your website. Some examples may be weak passwords, outdated WordPress websites that have existing security issues with previous hacks, installing a malicious plugin, etc.

Once hacked into you will notice changes on your blog’s front end where visitors see broken links or iframe redirections popping up left right and center! You might even start seeing irregularities appearing in Google Webmaster Tools such as warnings about hacking attempts because Favicon.ico Malware causes red flags within search engine algorithms due to its spam-like behavior patterns!

How To Remove Favicon.ico Malware?

By far the easiest way to remove the Favicon.ico virus is by using a removal tool like Shield Security which can automatically detect and clean it within minutes! If you are not in need of professional website security services then follow these steps below on how to easily remove this dangerous malware manually:

Step 1  

Make sure you delete everything related to this infection because even if things seem gone chances are they aren’t really removed which means reoccurrence might happen anytime soon!

Suspicious files that contain text such as “Favicon” or “.ico”.

Some examples include:

icon.png, favicon.gif, etc.

These infected theme/plugin files may be located anywhere within your WordPress installation directory where installed themes & plugins reside e.g.:

wp-content/themes/yourtheme folder

wp-includes/plugins folder


Step 2

If you have successfully deleted all malicious files then move on to Step #4  to scan your database for potential infections. Otherwise, proceed with the rest of these steps below!

Step 3

Check if there are any suspicious queries or functions being added into WordPress core file “wp-includes/theme.php”. The malware may modify this file so be sure to compare it against a clean version found in WordPress official website at:


You should see minimal differences but anything that’s out of place is most likely not present within the original theme which means something has been updated and changed by hackers that shouldn’t be there! Any extra code inserted into this file means you have a serious infection on your hands and the only way to remove it is by taking care of it manually.

Step 4

Search your entire database for suspicious code or any other signs that may cause red flags within search engine algorithms due to its spam-like behavior patterns!

You should find some results but the majority will be located in the wp_posts table where infected posts contain hidden links pointing to adult websites, malware downloads etc… Delete all these results and you are well on your way to eliminating Favicon.ico completely off your site!

This manual work is necessary if you can not access your website’s wp-admin backend, but if you can our Shield Security plugin’s scan tool can find and remove these types of infections for you. When you upgrade to ShieldPro you can set it to automatically scan and remove infected files such as the Favicon.ico malware automatically so you don’t have to worry about your site going down due to this issue!

Let us know in the comments if you’ve encountered this before and what you did to fix it!

Hello dear reader!

If you want to level-up your WordPress security with ShieldPRO, click to get started today. (risk-free, with our no-quibble 14-day satisfaction promise!)

You'll get all PRO features, including AI Malware Scanning, WP Config File Protection, Plugin and Theme File Guard, import/export, exclusive customer support, and much, much more.

We'd be honoured to have you as a member, and look forward to serving you during your journey towards powerful, WordPress security.

Try ShieldPRO Today →

ShieldPRO Testimonials
@gerhardade's Gravatar @gerhardade

Set it and Forget it!

Well, not exactly. I check the stats once in a while. This is one part of my internet life I need not to worry about. Great support, too!

@nirgoldberg's Gravatar @nirgoldberg

So simple, so great

As a developer and a website builder of over 200 websites, I’ve tested several security plugins, and I’m happy to say that I truly found the one – a powerful security solution and yet, so simple to configure and manage.

@dogdays's Gravatar @dogdays

Works very well

Thank you very much.

@zahidbajwa's Gravatar @zahidbajwa


I am in web development field since last 15 years and hardly impressed by any plugin but this plugin really flattered me. I never posted any comment on any plugin but for this plugin i am here. Hats off for the author of this plugin.

Comments (1)

    Yes, I have this! Among other things… This and other stuff keeps popping up. I think the problem is that I have other domains under the same cPanel account. A couple of those are *not* WP sites, just PHP, and I knew of no way to secure them. Any suggestions?

    Fortunately Shield does in fact delete and repair problems automatically, when it can. But that I keep finding new issues means I need to get to the root of the problem. Really, really hard.

Leave a Comment

Your email address will not be published. Required fields are marked *

Click to access the login or register cheese