Getting rid of malware from a hacked WordPress site is a strenuous task. A hacked site can end up on a Google blacklist, show a blue screen of death, or sometimes even be defaced.

WordPress has always been the main target for cyber attacks. It is crucial to conduct a full-fledged security scan using a trusted plugin to ensure the security of your website. The scan identifies malicious activity and vulnerabilities and locates the source of infections, if any.

Malware Removal WordPress Plugin

WordPress website developers highly recommend the MalCare plugin by the makers of BlogVault. This Malware Removal WordPress Plugin has both free and paid versions. You can install it from your WordPress Dashboard; this is the easiest and most affordable way to get rid of malware from your site.

The paid version costs just $99/year, which is very affordable compared to other similar services.

Pros of MalCare plugin:

  • The entire scanning process takes place on cloud servers, hence there is no effect on the site’s performance
  • Single-click malware cleanup, with easy restoration of data if something goes wrong
  • Strongly built algorithms and deep scanning of files help to find the most complex malware
  • Easy to install; once activated, it immediately blocks brute-force attempts, sets up a firewall, and copies your website’s encrypted data to their servers for regular scanning

WordPress Malware Removal Services

It is important to seek professional help to clean the site if you are unable to access the WordPress admin.

Here are a few steps recommended to remove malware from a WordPress site:

Step 1: Take a Backup of Site files and data

Take a full backup of the site using the web host’s snapshot feature. It might take a while, as this is the most thorough way of taking a backup of your entire server.

If you can log in, use a WordPress backup plugin. If you are unable to log in, the hackers may have compromised the database, and that is when you need to seek professional help.

It is crucial to create a separate backup of the database using this simple step:

Log in and use Tools > Export to export an XML file of all your data.

Some sites could take a while, as the uploads alone could be over 1GB. The wp-content folder plays a key role as it contains all your uploads. If you can’t run the backup plugin and your web host does not have a snapshot feature, you can use the web host’s File Manager to make a zip archive of the wp-content folder and then download the zip file.

Note:

It is important to make a backup of the .htaccess file and download it. This is an invisible file, so it can only be seen in the web host’s File Manager if you choose to show invisible files when you launch it. Rename the file to remove the leading period before you download it; otherwise it will be invisible on your computer as well. Keep this backup of the .htaccess file in case it has contents that you may need to copy over when cleaning your site: the host may sometimes use .htaccess to establish the PHP version, and some hosts may use 301 SEO redirects in their .htaccess file. Stay vigilant, because the .htaccess file can itself be hacked, so it is always advisable to examine it.

Step 2: Download and Inspect The Backup Files

Once the site is backed up to your computer, double-click the zip file to open it. Here’s what you should see:

  • The WordPress Core files – You can easily download these from WordPress.org and check the files. Keep them to hand, as you may want to refer back to them later for your investigation into the hack.
  • The wp-config.php file – This is crucial as it contains the name, username, and password of your WordPress database, which are key for the restoration process.
  • .htaccess file – This file will be invisible, and the only way to see it in your backup folder is by using an FTP program (like FileZilla) or a code editing application (like Brackets). These programs and applications let you view invisible files within the interface. (Check the Show Hidden Files option.)
  • The wp-content folder – Here, you get to see 3 folders: themes, uploads, and plugins. If you can see your themes, plugins, and uploaded images then it’s a good sign that you have a sturdy backup of your site. In addition to your database, this is the only key folder that you may need to restore your site.
  • The database – You should have an SQL file that is an export of your database. We are not going to delete the database in this process, but it’s good to have a backup.

Step 3: Delete All Files in the public_html folder

Once you have checked that you have a good backup of your site, delete all the files in your public_html folder (except the cgi-bin folder and any server-related folders that are free of hacked files) using the web host’s File Manager. The File Manager is recommended because it’s a lot faster than deleting files via FTP. WordPress website developers also recommend SSH, which is fast and efficient as well. It is crucial to view invisible files and delete any hacked .htaccess files as well.

If you host other sites on the same account, it is most likely that they have been hacked as well. Cross-infection is a common phenomenon here.

It is mandatory to clean all the sites, so back them all up, download the backups, and follow the steps for each.

It may sound dramatic, but trying to find all the hacked files on a server is very strenuous. It is important to clean all the websites at once rather than just one, because an infected site can reinfect the one you have cleaned and compromise it again.

Step 4: Reinstall WordPress

Reinstall WordPress in the public_html directory using the one-click installer in your web hosting control panel.

Referring to the backup of your site, edit the wp-config.php file on the new install of WordPress to use the database credentials of your former site. This will connect the new WordPress installation to the old database. Experts do not recommend re-uploading your old wp-config.php file, as the new one will have new login encryption salts and will be free of any hacked code.

Step 5: Reset Passwords and Permalinks

Log in to your site and reset all the user names and passwords. If you find any user you don’t recognize, your database has been hacked. Contacting a professional is advisable to make sure nothing gets reinfected again. The following also helps you get to a clean site:

Go to Settings > Permalinks and click Save Changes. This step will restore your .htaccess file, so your site URLs will work again.

Make sure to delete invisible files on your server as well, so that you do not leave any hacked .htaccess files behind. The .htaccess file is an invisible file that controls a lot of things. It can be used to maliciously redirect people from your site to other sites. It is key to reset all the FTP and hosting account passwords as well.
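The examination of the backed-up .htaccess file recommended in the Step 1 note and in this step can be partly automated. The following is an added example, not part of the original article: it sorts the directives into redirects that leave the site, which need review, and lines such as same-site 301 redirects or the host's PHP handler that are candidates to copy into the regenerated file. The function name, the sample file and the host names are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Directives that can send a visitor elsewhere, and lines a host uses to select PHP.
REDIRECT = re.compile(
    r"^\s*(RewriteRule|RedirectMatch|RedirectPermanent|RedirectTemp|Redirect)\b(.*)$", re.I)
PHP_HANDLER = re.compile(r"^\s*(AddHandler|AddType|SetHandler)\b.*php", re.I)
URL = re.compile(r"https?://[^\s\"'\]]+", re.I)

def review_htaccess(text, own_hosts):
    """Return (line_number, verdict, detail) for each directive worth a decision.

    'review'         -> redirect whose target host is not one of own_hosts
    'keep-candidate' -> line you may need to copy into the regenerated file
    """
    own = {h.lower() for h in own_hosts}
    report = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank line or comment
        match = REDIRECT.match(line)
        if match:
            hosts = {urlparse(u).hostname for u in URL.findall(match.group(2))}
            foreign = sorted(h for h in hosts if h and h not in own)
            if foreign:
                report.append((lineno, "review", "redirects to " + ", ".join(foreign)))
            else:
                report.append((lineno, "keep-candidate", "no external host"))
        elif PHP_HANDLER.match(line):
            # Confirm against your host's documentation before copying it back.
            report.append((lineno, "keep-candidate", "PHP handler line"))
    return report

# Constructed sample; example.com stands in for the site's own domain.
SAMPLE = r"""# constructed .htaccess sample
RewriteEngine On
RewriteRule ^index\.php$ - [L]
Redirect 301 /old-page https://www.example.com/new-page
AddHandler application/x-httpd-php74 .php
RewriteRule ^(.*)$ http://unknown-host.invalid/$1 [R=301,L]
"""

if __name__ == "__main__":
    for row in review_htaccess(SAMPLE, {"example.com", "www.example.com"}):
        print(row)
```

Run it against the renamed copy on your computer, never against the live file, and pass every domain the site legitimately answers on as `own_hosts`.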

Step 6: Reinstall Plugins

Be sure to reinstall all your plugins from the WordPress repository or from fresh downloads from the premium plugin developer. Do not install old plugins or ones that are hardly maintained.

Step 7: Reinstall Themes

Developers advise you to give your system a new start by reinstalling your theme from a fresh download. If you customized your theme files, make sure to replicate the changes on the updated copy of the theme. Do not upload old themes, as you may not know which file was compromised.

Step 8: Upload Your Images From The Backup

You need to copy the old image files back up to the new wp-content > uploads folder on the server. This is where it gets tricky because you do not want to copy any hacked files in the process. It gets tedious, as you need to carefully examine every year and month folder in your backup and make sure each one contains ONLY image files, and no PHP files, JavaScript files, or anything else you did not upload to your media library. Once that is done, you can upload them to the server using FTP.

Step 9: Scan Your Computer

Scan your computer for viruses, malware, and trojans.

Step 10: Install and Run Security Plugins

Install and activate the Shield WordPress Security Plugin by iControlWP. Website developers recommend its audit settings to keep track of all the activity on the site. Run the Anti-Malware Security and Brute-Force Firewall plugin to scan the site thoroughly. You do not need 2 firewalls running, so deactivate the anti-malware plugin after you get verification that the site has been cleaned.

You have taken the first and the most important step towards securing your website. The more you know about malware and its effects, the more efficiently you can protect your website.