October 20, 2021 by Paul G. | Blog, Malware, Security, WordPress Solutions

Easily Remove the Favicon.ico Virus From Your WordPress Website

Shield Image

Recently, many WordPress website owners have been receiving a malicious Favicon.ico virus on their websites which has caused them to be shut down by hackers. The Favicon.ico virus is a malware that inserts itself into your website’s database and begins redirecting visitors away from your site without permission! In this blog post, we will show you how to remove the Favicon.ico Virus from your WordPress Website in less than 5 minutes!

What is Favicon.ico Malware??

Favicon.ico is a malicious virus that installs itself and changes your website’s favicon (the little image next to the site title) as well as inserts code into header, footer, or index files of all installed WordPress themes on your website.

Once Favicon.ico malware has been injected onto your web pages it will automatically inject unwanted advertisements from outside sources such as ad networks like Google Adsense, Chitika etc. which can cause serious damage to traffic revenue!

It may also redirect visitors away from your blog by sending them off to adult websites via affiliate links in an effort for hackers to profit even more at the expense of you having lost money through payments made for these fraudulent purchases.

How Did I Get A Favicon.ico Virus?

WordPress websites are not safe from this malware as it is capable of affecting all themes and plugins. The Favicon.ico virus can infect your site through one or multiple vulnerabilities in WordPress which allows hackers access to the backend of your website. Some examples may be weak passwords, outdated WordPress websites that have existing security issues with previous hacks, installing a malicious plugin, etc.

Once hacked into you will notice changes on your blog’s front end where visitors see broken links or iframe redirections popping up left right and center! You might even start seeing irregularities appearing in Google Webmaster Tools such as warnings about hacking attempts because Favicon.ico Malware causes red flags within search engine algorithms due to its spam-like behavior patterns!

How To Remove Favicon.ico Malware?

By far the easiest way to remove the Favicon.ico virus is by using a removal tool like Shield Security which can automatically detect and clean it within minutes! If you are not in need of professional website security services then follow these steps below on how to easily remove this dangerous malware manually:

Step 1  

Make sure you delete everything related to this infection because even if things seem gone chances are they aren’t really removed which means reoccurrence might happen anytime soon!

Suspicious files that contain text such as “Favicon” or “.ico”.

Some examples include:

icon.png, favicon.gif, etc.

These infected theme/plugin files may be located anywhere within your WordPress installation directory where installed themes & plugins reside e.g.:

wp-content/themes/yourtheme folder

wp-includes/plugins folder


Step 2

If you have successfully deleted all malicious files then move on to Step #4  to scan your database for potential infections. Otherwise, proceed with the rest of these steps below!

Step 3

Check if there are any suspicious queries or functions being added into WordPress core file “wp-includes/theme.php”. The malware may modify this file so be sure to compare it against a clean version found in WordPress official website at:


You should see minimal differences but anything that’s out of place is most likely not present within the original theme which means something has been updated and changed by hackers that shouldn’t be there! Any extra code inserted into this file means you have a serious infection on your hands and the only way to remove it is by taking care of it manually.

Step 4

Search your entire database for suspicious code or any other signs that may cause red flags within search engine algorithms due to its spam-like behavior patterns!

You should find some results but the majority will be located in the wp_posts table where infected posts contain hidden links pointing to adult websites, malware downloads etc… Delete all these results and you are well on your way to eliminating Favicon.ico completely off your site!

This manual work is necessary if you can not access your website’s wp-admin backend, but if you can our Shield Security plugin’s scan tool can find and remove these types of infections for you. When you upgrade to ShieldPro you can set it to automatically scan and remove infected files such as the Favicon.ico malware automatically so you don’t have to worry about your site going down due to this issue!

Let us know in the comments if you’ve encountered this before and what you did to fix it!

Hey handsome!

If you're curious about ShieldPRO and would like to explore the powerful features for protecting your WordPress sites, click here to get started today. (14-day satisfaction guarantee!)

You'll get all PRO features, including AI Malware Scanning, WP Config File Protection, Plugin and Theme File Guard, import/export, exclusive customer support, and so much more.

Try ShieldPRO Today →

ShieldPRO Testimonials
@appsol's Gravatar @appsol

One of your essential plugins

There are some plugins that get installed on every new WordPress site I build, and this is definitely one of them. – It protects your site from brute force login attempts – It screens incoming data to prevent hacking attempts – It prevents spam bots submitting comments on your site…

@tosc's Gravatar @tosc

Amazing plugin

I only use this plugin to protect my site for more than one month now, and I am so happy with it. The developer is really responsive and gave me tips and clear explanations. This plugin really deserves more than 5 stars. Thanks for your amazing work!

@clouda9's Gravatar @clouda9

Muy Bien!

Seriously folks…if I could, I would give this plugin a bazillion stars! Since it’s discovery and install, the Simple Security Firewall plugin and team behind the scenes has gone above and beyond in securing my site, as well as my peace of mind <–two very good things btw. 😉 Newbie…

@jennwin's Gravatar @jennwin

Great simple and easy

Was simple and easy – seems to be working fine!

Comments (1)

    Yes, I have this! Among other things… This and other stuff keeps popping up. I think the problem is that I have other domains under the same cPanel account. A couple of those are *not* WP sites, just PHP, and I knew of no way to secure them. Any suggestions?

    Fortunately Shield does in fact delete and repair problems automatically, when it can. But that I keep finding new issues means I need to get to the root of the problem. Really, really hard.

Leave a Comment

Your email address will not be published. Required fields are marked *

Click to access the login or register cheese