October 20, 2021 by Paul G. | Blog, Malware, Security, WordPress Solutions

Easily Remove the Favicon.ico Virus From Your WordPress Website

Shield Image

Recently, many WordPress website owners have been receiving a malicious Favicon.ico virus on their websites which has caused them to be shut down by hackers. The Favicon.ico virus is a malware that inserts itself into your website’s database and begins redirecting visitors away from your site without permission! In this blog post, we will show you how to remove the Favicon.ico Virus from your WordPress Website in less than 5 minutes!

What is Favicon.ico Malware??

Favicon.ico is a malicious virus that installs itself and changes your website’s favicon (the little image next to the site title) as well as inserts code into header, footer, or index files of all installed WordPress themes on your website.

Once Favicon.ico malware has been injected onto your web pages it will automatically inject unwanted advertisements from outside sources such as ad networks like Google Adsense, Chitika etc. which can cause serious damage to traffic revenue!

It may also redirect visitors away from your blog by sending them off to adult websites via affiliate links in an effort for hackers to profit even more at the expense of you having lost money through payments made for these fraudulent purchases.

How Did I Get A Favicon.ico Virus?

WordPress websites are not safe from this malware as it is capable of affecting all themes and plugins. The Favicon.ico virus can infect your site through one or multiple vulnerabilities in WordPress which allows hackers access to the backend of your website. Some examples may be weak passwords, outdated WordPress websites that have existing security issues with previous hacks, installing a malicious plugin, etc.

Once hacked into you will notice changes on your blog’s front end where visitors see broken links or iframe redirections popping up left right and center! You might even start seeing irregularities appearing in Google Webmaster Tools such as warnings about hacking attempts because Favicon.ico Malware causes red flags within search engine algorithms due to its spam-like behavior patterns!

How To Remove Favicon.ico Malware?

By far the easiest way to remove the Favicon.ico virus is by using a removal tool like Shield Security which can automatically detect and clean it within minutes! If you are not in need of professional website security services then follow these steps below on how to easily remove this dangerous malware manually:

Step 1  

Make sure you delete everything related to this infection because even if things seem gone chances are they aren’t really removed which means reoccurrence might happen anytime soon!

Suspicious files that contain text such as “Favicon” or “.ico”.

Some examples include:

icon.png, favicon.gif, etc.

These infected theme/plugin files may be located anywhere within your WordPress installation directory where installed themes & plugins reside e.g.:

wp-content/themes/yourtheme folder

wp-includes/plugins folder


Step 2

If you have successfully deleted all malicious files then move on to Step #4  to scan your database for potential infections. Otherwise, proceed with the rest of these steps below!

Step 3

Check if there are any suspicious queries or functions being added into WordPress core file “wp-includes/theme.php”. The malware may modify this file so be sure to compare it against a clean version found in WordPress official website at:


You should see minimal differences but anything that’s out of place is most likely not present within the original theme which means something has been updated and changed by hackers that shouldn’t be there! Any extra code inserted into this file means you have a serious infection on your hands and the only way to remove it is by taking care of it manually.

Step 4

Search your entire database for suspicious code or any other signs that may cause red flags within search engine algorithms due to its spam-like behavior patterns!

You should find some results but the majority will be located in the wp_posts table where infected posts contain hidden links pointing to adult websites, malware downloads etc… Delete all these results and you are well on your way to eliminating Favicon.ico completely off your site!

This manual work is necessary if you can not access your website’s wp-admin backend, but if you can our Shield Security plugin’s scan tool can find and remove these types of infections for you. When you upgrade to ShieldPro you can set it to automatically scan and remove infected files such as the Favicon.ico malware automatically so you don’t have to worry about your site going down due to this issue!

Let us know in the comments if you’ve encountered this before and what you did to fix it!

ShieldPRO Testimonials
@gscrim's Gravatar @gscrim

Great plugin

Hi guys, For me who knows nothing about security it was still simple enough to implement in a way that I felt comfortable with and every step of the way the relevant info was there. More then that – these guys provide a path to cover site security aspects (WP)…what…

@snowme's Gravatar @snowme

Great Plugin and Even Better Support

I had an issue getting the Rename Login setting to work. I posted to their support forums and got immediate and constant responses. They even provided an updated version of the plugin to help with my troubleshooting. In the end it turned out to be an issue with my Apache…

@janemanthorpe's Gravatar @janemanthorpe

Brilliant Security plugin

Simple Fire Wall lives up to its name, its simple and it works! I have been using this plugin for a year now and love it as it has many features that are all useful and work. To setup, because of the many features its looks complex but its pretty…

@frankmartialarts's Gravatar @frankmartialarts

Useful & accurate

I’ve been hacked but after installing this software it never happened again.

Hey there good-lookin'! Do you like what you've read here? :)

If this cool feature is something you'd like, but you haven't gone PRO yet, click here to get started today. (no risk, with a 14-day satisfaction guarantee!)

You'll get all PRO features, including Malware Scanning, WP Config Protection, Plugin FileGuard, import/export, customer support, and so much more. Not only that, you'll get that warm, fuzzy feeling that comes from supporting our work and future development.

Make Me Pro →

Comments (1)

    Yes, I have this! Among other things… This and other stuff keeps popping up. I think the problem is that I have other domains under the same cPanel account. A couple of those are *not* WP sites, just PHP, and I knew of no way to secure them. Any suggestions?

    Fortunately Shield does in fact delete and repair problems automatically, when it can. But that I keep finding new issues means I need to get to the root of the problem. Really, really hard.

Leave a Comment

Your email address will not be published. Required fields are marked *

Click to access the login or register cheese