WordPress is one of the most popular CMS which empowers the more than 70 million websites worldwide. WordPress also the major target of attackers to infect WordPress site with malware due to it’s success. Today we will see how to remove malware from WordPress Site and secure it after cleanup the infection.

Wordpress Malware Removal

8 Easy Steps to Remove Malware from Your WordPress Site
How to fix infected WordPress site
How to Clean a Hacked WordPress WP Site
WordPress Malware Removal & Cleanup

8 Easy Steps to Remove Malware from Your WordPress Site

There are two approaches to fix the infected WordPress site. One is fix yourself by following below steps and second is hire a dedicated malware removal expert to fix your site and secure from future hacking attempts. You can hire us for clean and secure your website from malware with one year warranty.

At netzole.com, we help website owners and agencies to repair their hacked websites. We suggest you to hire a expert to fix your hacked website because it requires . In this article, we’ll review the steps to remove malware from a compromised WordPress site.

How to fix infected WordPress site

If you choose first approach, you have to follow below steps to fix your site.

First Step: Backup your site

Before start the cleanup process, you should take full backup of your database, and WordPress files because if anything goes wrong or we delete any correct file by mistaken during the cleaning site we will be able to revert back. If you are using cpanel or plesk you can use cpanel backup tool or you can export the database and zip the all files manually. see How to backup WordPress Database Manually

Second step: Clean the files

After taking backup, we start the cleaning process, First you should scan the all files to know which files are infected. If you are on vps, cloud or dedicated server you can install scanner and scan the entire server via command line. You can also use scanning plugin at site. There are many plugins available at WordPress repository which will help you to detect infected files at your server. Now our task is to remove infected codes from each files. You can edit your files via filezilla if you are on ftp or cpanel file editor and If you have ssh access you can edit your files with nano command. sometimes attackers injected the scripts or spammy links at the database so Now you should remove infection from database entries.

Third Step: Secure your site

After cleaning the all files and database entries, We will follow some major steps to secure our site.

Change password and remove unknown administrator

If you have no access to your site backend you can recover the access by changing the admin password via phpmyadmin. If you see any unknown user with administrative privilege, you should remove such type of user and also If you are using default admin username you should remove it and using custom username

How to Change Admin Username in WordPress

Update plugins and themes

For keeping your site secure you should keep updated. If you see any update available for core, plugins and themes, you should update immediately. You should also remove all plugins which are not updated by their authors for many years and replace with regularly updating plugin.

Install security plugin

Now you should install security plugin at your site to keep it secure from future attacks. there are many free and paid plugins available at repository for setup firewall and regular scanning like Wordfence security Plugin. If you hire us for malware removal we will harden your WordPress installation and setup other security fixes manually along with firewall plugin.

Tell Google that Our site is Clean and other blacklist removal

Now the time is to remove our site from blacklist. Google penalise the infected site and mark the site as infected at search results. You can submit request to google by Search Console for removing manual actions and removing warning from their search results. If you hire us We will remove your site from all blacklist including Google, Bing, Macafee, Norton etc with in 48 Hours.


Prevention is better than cure. Secure you site before hack so keep everything updated and move your site to better and secure hosting!
How to transfer WordPress to new server without any downtime

For extra security stuff you can also consider following articles:

How to protect WordPress wp-admin and wp-login.php attempts
Disable XML-RPC in WordPress to Prevent DDoS Attack
How to Remove the WordPress Version Number

WordPress Malware Removal & Cleanup

Our WordPress security services includes malware removal, hack recovery, hardening, WordPress updates and more.
Malware removal service

Hire Us to fix your Infected WordPress site with in 24 Hours with One year Warranty!

Pin It on Pinterest

Share This