WordPress is one of the most popular CMS which empowers more than 70 million websites worldwide. WordPress is also the major target of attackers to infect WordPress sites with malware due to its success. Today we will see how to remove malware from WordPress Site and secure it after cleanup the infection in 2024.
UPDATE: According to the New Google safe browsing Policy, Sites infected with malware will be banned for 30 Days to request a review if classified as Repeat Offender by Google.
Looking for WordPress Hack Cleanup Service?
WordPress Hack Cleanup Service at Just $89
Table of Contents
- 6 Easy Steps to Remove Malware from WordPress Site
- How to fix infected WordPress site
- How to Clean a Hacked WordPress WP Site
- WordPress Malware Removal & Cleanup
6 Easy Steps to Remove Malware from WordPress Site
There are two approaches to fix the infected WordPress site. One is fixing yourself by following the below steps, and the second is to hire a dedicated malware removal expert to fix your site and secure it from future hacking attempts. You can hire us to clean and secure your website from malware with a one-year warranty.
At netzole.com, we help website owners and agencies to repair their hacked websites. We suggest you hire an expert to fix your hacked website because it requires expertise. In this article, we’ll review the steps to remove malware from a compromised WordPress site.
How to fix infected WordPress site in 2024
What are the reasons the WordPress sites get hacked?
There are many reasons for the compromised WordPress site. Some common reasons are the following
- Outdated plugins or themes.
- Outdated WordPress core.
- Use of Nulled plugins and themes.
- The site is running on an outdated Php version.
- Use of weak passwords or commonly used usernames like admin.
- Insecure web hosting
- Directory indexing on
- Incorrect file permissions
- Unsecured WordPress Installation
If you choose the first approach, you have to follow the below steps to fix your site.
Step 1: Backup your site
Before starting the cleanup process, we should take a full backup of our database, and WordPress files because if anything goes wrong or delete any correct file by mistake, we can revert it if we have a backup.
In the previous article, we showed how to backup WordPress Database Manually.
You can also use the backup plugin for taking backup of the site if you can log in at the backend. Sometimes hackers corrupt the database or the host suspends the hosting account. In that situation, you cannot use a backup plugin.
There are many free plugins available for backups like Updraftplus, BackWPup, and Duplicator.
If your database size is large for backup, you can optimize the database before taking backup.
Sometimes the site size is quite larger, over 1 GB. In that case, you should use the manual process for backup: zip all files and take database backup manually.
Step 2: Scan the files and database
After taking backup, we start the cleaning process. First, you should scan all files to know which files are infected.
If you are on VPS, cloud, or dedicated server, you can install a scanner like Maldet or ClamAV and scan the entire server via the command line.
You can also use a scanning plugin if you have access to the site backend. There are many plugins available at the WordPress repository, which will help you to detect infected files on your server. In the previous article, we reviewed the 5 best scanning plugins.
Below is the sample code of malicious code
Step 3: Clean the files and database
Once the scan is done and has a list of infected files, Our task is to remove infected codes from each file. You can edit your files via Filezilla if you are on FTP or CPanel file editor.
If you have ssh access, you can edit your files with the nano command. Sometimes attackers injected the scripts or spammy links at the database, so you should also remove the infection from the database entries. You can connect the database via PHPMyAdmin or adminer.php script.
Step 4: Fix Backdoors
Hackers leave some backdoors to get access to your site again in the future so it is necessary to fix all backdoors. Commonly they use the following PHP functions:
- base64
- eval
- preg_replace (with /e/)
- exec
- str_rot13
- stripslashes
- gzuncompress
- system
- move_uploaded_file
- assert
The following backdoors can be under various folders of the site or plugins and themes folders.
Step 5: Secure the WordPress site
After cleaning all files and database entries, we will follow some necessary steps to secure our site.
Change password and remove unknown administrator
If you have no access to your site backend, you can recover the access by changing the admin password via PHPMyAdmin. If you see any unknown user with administrative privilege, you should remove such type of user, and also If you are using default admin username you should remove it and use a custom username
Update plugins and themes
For keeping your site secure, you should keep the site updated. If you see any updates available for core, plugins, and themes, you should update immediately. You should also remove all plugins which are not been updated by their authors for many years and replace them with a regularly updating plugin.
Install security plugin
Now you should install a security plugin at your site to keep it secure from future attacks.
There are many free and paid plugins available at the repository for setup firewall and regular scanning like Wordfence security Plugin.
If you hire us for malware removal, we will harden your WordPress installation and set up other security fixes manually along with the firewall plugin.
Step 6: Tell Google that Our site is Clean and other blacklist removal
Now the time is to remove the site from the blacklist. Google penalizes the infected site and marks the site as infected at search results.
You can submit a request to google by Search Console for removing manual actions and removing warnings from their search results. If you hire us, we will remove your site from all blacklists, including Google, Bing, Macafee, Norton, etc. within 48 Hours.
Conclusions
Prevention is better than cure. Secure your site before hack so keep everything updated and move your site to better and secure hosting!
How to transfer WordPress to a new server without any downtime
For extra security stuff you can also consider the following articles:
How to protect WordPress wp-admin and wp-login.php attempts
Disable XML-RPC in WordPress to Prevent DDoS Attack
How to Remove the WordPress Version Number
WordPress Malware Removal & Cleanup
If you have any difficulty fixing your hacked WordPress site yourself, Please Give us a chance to clean and secure your site with a 1-year guarantee.
Our WordPress security services include malware removal, hack recovery, hardening, WordPress updates, and much more. Click below to avail of exciting discounts.
Hire Us to fix your Infected WordPress site within 24 Hours with One year Warranty!