WordPress is one of the most popular CMS which empowers the more than 70 million websites worldwide. WordPress also the major target of attackers to infect WordPress site with malware due to it’s success. Today we will see how to remove malware from WordPress Site and secure it after cleanup the infection in 2020.

UPDATE: According to the New Google safe browsing Policy, Sites infected with malware will be banned for 30 Days to request a review if classified as Repeat Offender by Google.

Looking for WordPress Hack Cleanup Service?

WordPress Hack Cleanup Service at Just $89

Wordpress Malware Removal

Table of Contents

  • 6 Easy Steps to Remove Malware from WordPress Site
  • How to fix infected WordPress site
  • How to Clean a Hacked WordPress WP Site
  • WordPress Malware Removal & Cleanup

6 Easy Steps to Remove Malware from WordPress Site

There are two approaches to fix the infected WordPress site. One is fixing yourself by following the below steps, and the second is to hire a dedicated malware removal expert to fix your site and secure from future hacking attempts. You can hire us to clean and secure your website from malware with a one year warranty.

At netzole.com, we help website owners and agencies to repair their hacked websites. We suggest you hire an expert to fix your hacked website because it requires expertise. In this article, we’ll review the steps to remove malware from a compromised WordPress site.

How to fix infected WordPress site in 2020

remove malware from WordPress

What are the reasons for WordPress site get hacked?

There are many reasons for the compromised WordPress site. Some common reasons are the following

  • Outdated plugins or themes.
  • Outdated WordPress core.
  • Use of Nulled plugins and themes.
  • The site is running on an outdated Php version.
  • Use of weak passwords or commonly used usernames like admin.
  • Insecure web hosting
  • Directory indexing on
  • Incorrect file permissions
  • Unsecured WordPress Installation

If you choose first approach, you have to follow below steps to fix your site.

Step 1: Backup your site

Before starting the cleanup process, we should take a full backup of our database, and WordPress files because if anything goes wrong or delete any correct file by mistake, we can revert it if we have a backup. 

In the previous article, we showed how to backup WordPress Database Manually.

You can also use the backup plugin for taking backup of the site if you can log in at the backend. Sometimes hackers corrupted the database or host suspends the hosting account. In that situation, you cannot use a backup plugin.

There are many free plugins available for backups like Updraftplus, BackWPup, and Duplicator.

If your database size is large for backup, you can optimize the database before taking backup.

Sometimes the site size is quite larger, over 1 GB. In that case, you should use the manual process for backup: zip all files and take database backup manually.

Step 2: Scan the files and database

After taking backup, we start the cleaning process. First, you should scan all files to know which files are infected. 

If you are on VPS, cloud or dedicated server, you can install a scanner like Maldet or ClamAV and scan the entire server via the command line. 

You can also use a scanning plugin if you have access to the site backend. There are many plugins available at the WordPress repository, which will help you to detect infected files at your server. In the previous article, we reviewed the 5 best scanning plugin.

Below is the sample code of malicious code

malware examples

Step 3: Clean the files and database

Once the scan is done and has a list of infected files, Our task is to remove infected codes from each file. You can edit your files via Filezilla if you are on FTP or CPanel file editor.

If you have ssh access, you can edit your files with nano command. Sometimes attackers injected the scripts or spammy links at the database, so you should also remove the infection from the database entries. You can connect database via phpmyadmin or adminer.php script.

Step 4: Fix Backdoors

Hackers leave some backdoors to get access your site again in future so it is necessary to fix all backdoors. Commonly they use following php functions:

  • base64
  • eval
  • preg_replace (with /e/)
  • exec
  • str_rot13
  • stripslashes
  • gzuncompress
  • system
  • move_uploaded_file
  • assert

The following backdoors can be under various folders of the site or plugins and themes folders.

Step 5: Secure the WordPress site

After cleaning all files and database entries, we will follow some necessary steps to secure our site.

Change password and remove unknown administrator

If you have no access to your site backend, you can recover the access by changing the admin password via PHPMyAdmin. If you see any unknown user with administrative privilege, you should remove such type of user and also If you are using default admin username you should remove it and using a custom username

How to Change Admin Username in WordPress

Update plugins and themes

For keeping your site secure, you should keep the site updated. If you see any update available for core, plugins, and themes, you should update immediately. You should also remove all plugins which are not updated by their authors for many years and replace them with a regularly updating plugin.

Install security plugin

Now you should install a security plugin at your site to keep it secure from future attacks.

There are many free and paid plugins available at the repository for setup firewall and regular scanning like Wordfence security Plugin.

If you hire us for malware removal, we will harden your WordPress installation and setup other security fixes manually along with firewall plugin.

Step 6: Tell Google that Our site is Clean and other blacklist removal

Now the time is to remove the site from the blacklist. Google penalizes the infected site and marks the site as infected at search results.

You can submit a request to google by Search Console for removing manual actions and removing warnings from their search results. If you hire us, we will remove your site from all blacklist, including Google, Bing, Macafee, Norton, etc. within 48 Hours.

Wordpress Hack Cleanup Infographic

Conclusions

Prevention is better than cure. Secure your site before hack so keep everything updated and move your site to better and secure hosting!

How to transfer WordPress to new server without any downtime

For extra security stuff you can also consider following articles:

How to protect WordPress wp-admin and wp-login.php attempts
Disable XML-RPC in WordPress to Prevent DDoS Attack
How to Remove the WordPress Version Number

WordPress Malware Removal & Cleanup

If you have any difficulty to fix your hacked WordPress site yourself, Please Give us a chance to clean and secure your site with a 1-year guarantee.

Our WordPress security services include malware removal, hack recovery, hardening, WordPress updates, and much more. Click below to avail of exciting discounts.
Malware removal service

Hire Us to fix your Infected WordPress site with in 24 Hours with One year Warranty!

Pin It on Pinterest

Shares
Share This