Many clients complain that their WordPress website got hacked again, or that the malware came back after it was removed. Removing malware from a WordPress website is tricky because the attacker can put a line of code somewhere on your website without it being detected by the malware scanner.
I have fixed thousands of hacked WordPress websites, and they had no further issues afterward. I will tell you how to do that.
1. Backup the website first
If you want to do something important with your website, make sure you back it up first. I usually use the free UpdraftPlus plugin, but any backup plugin will work. Make sure you back up all the files inside your WordPress website.
2. Use a WordPress malware scanner
After I back up the website, the next step is to use a malware scanner like Wordfence to find the malware or other files put onto your website by an attacker.
3. Remove malware from your website
Remove any detected malware from your website. A plugin like Wordfence usually has a removal feature that you can use.
4. Manually check the /wp-content/ folder
This is something not all security people do. They assume the malware scanner has already detected all the malware, but in my experience, not all of it is detected.
How do you find malware hiding inside the /wp-content/ folder?
- Use the File Manager or FTP feature of your web hosting to open the /wp-content/ folder inside your website's main directory.
- Open every subfolder inside /wp-content/uploads/ and remove any .php files inside; the uploads folder should only hold media, so a PHP file there does not belong.
- Remove all unused themes inside /wp-content/themes/.
- If you have not previously customized your main theme, remove it and upload a clean copy of the same theme. You can get it from the theme developer, the WordPress theme directory, or wherever you bought the theme.
- List all plugins inside /wp-content/plugins/. Download fresh copies from the WordPress plugin directory or from wherever you bought the plugins, and upload them into the /wp-content/plugins/ folder.
- Manually check the other folders inside /wp-content/.
5. Remove these folders and files
You don't need to worry. Just remove the /wp-admin/ and /wp-includes/ folders and all .php files inside the main directory except wp-config.php and any .php files that may be needed by a third-party app.
6. Upload new WordPress files
Download the latest WordPress version, then upload it into your website’s main directory.
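Steps 4 to 6 come down to one check repeated for uploads, plugins, themes and core: list PHP where none belongs, and compare what is on the live site against a clean copy of the same release. The following shell script is an added example, not code from the original article; it assumes a Linux host with POSIX sh, find, sha256sum, comm and awk, that the live tree and the clean download have already been placed side by side, and that paths contain no whitespace. The sample file tree it builds is constructed for the demo.

```sh
#!/bin/sh
# Added example for the article's steps 4 to 6; not code from the original post.
# Assumes a Linux host with POSIX sh, find, sha256sum, sort, comm and awk,
# and that file paths contain no whitespace.
set -u
export LC_ALL=C   # consistent sort order so comm's line comparison is reliable

# Step 4: WordPress stores only media under wp-content/uploads, so every
# PHP file found there is something to inspect and, per the article, remove.
find_php_in_uploads() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.phtml' \) | sort
}

# Steps 4 to 6: compare a live directory (plugin, theme or WordPress core)
# against a clean copy of the same release, by path and SHA-256.
# Output lines: "ADDED path" (only on the live site), "MODIFIED path"
# (same path, different content), "MISSING path" (only in the clean copy).
compare_with_clean() {
    live=$1
    clean=$2
    tmp=$(mktemp -d)
    (cd "$live"  && find . -type f -exec sha256sum {} + | sort) > "$tmp/live"
    (cd "$clean" && find . -type f -exec sha256sum {} + | sort) > "$tmp/clean"
    awk '{print $2}' "$tmp/live"  | sort > "$tmp/live_paths"
    awk '{print $2}' "$tmp/clean" | sort > "$tmp/clean_paths"
    comm -23 "$tmp/live_paths" "$tmp/clean_paths" | sed 's/^/ADDED    /'
    comm -13 "$tmp/live_paths" "$tmp/clean_paths" | sed 's/^/MISSING  /'
    # hash+path lines present only on the live side, restricted to paths the
    # clean copy also has: those are files whose content was changed
    comm -23 "$tmp/live" "$tmp/clean" | awk '{print $2}' | sort \
        | comm -12 - "$tmp/clean_paths" | sed 's/^/MODIFIED /'
    rm -rf "$tmp"
}

# Constructed sample tree for the demo: a live site with one stray PHP file in
# uploads and one plugin that differs from its clean copy in three ways.
build_demo() {
    root=$(mktemp -d)
    up="$root/live/wp-content/uploads/2023/05"
    plug="$root/live/wp-content/plugins/example-plugin"
    clean="$root/clean/example-plugin"
    mkdir -p "$up" "$plug/inc" "$clean/inc"
    printf 'GIF89a\n' > "$up/photo.gif"
    printf '<?php /* constructed placeholder, not real malware */ ?>\n' > "$up/image.php"
    printf '<?php\n// plugin main file\n' > "$clean/example-plugin.php"
    cp "$clean/example-plugin.php" "$plug/example-plugin.php"   # unchanged
    printf '<?php\n// helper\n' > "$clean/inc/helper.php"
    printf '<?php\n// helper\n// line that exists only on the live site\n' > "$plug/inc/helper.php"   # modified
    printf '<?php\n' > "$plug/inc/extra.php"                    # added
    printf 'readme\n' > "$clean/readme.txt"                     # missing on live
    echo "$root"
}

demo_root=$(build_demo)
echo "PHP files under uploads:"
find_php_in_uploads "$demo_root/live/wp-content/uploads"
echo "example-plugin vs clean copy:"
compare_with_clean "$demo_root/live/wp-content/plugins/example-plugin" "$demo_root/clean/example-plugin"
rm -rf "$demo_root"
```

On a real site, unpack the fresh plugin, theme or core archive somewhere outside the web root and call the functions with the real paths, for example compare_with_clean /path/to/site/wp-content/plugins/some-plugin /tmp/some-plugin-clean (placeholder paths). ADDED files are the ones the article tells you to delete, MODIFIED files are the reason to replace the whole directory rather than patch it, and anything kept in place, like wp-config.php, has no clean counterpart to diff against and still needs to be read by hand.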
7. Happy Ending
Check your homepage and Dashboard. Sometimes the front end will look slightly different because of the plugin and theme updates.
That’s how I usually remove malware from a hacked WordPress website. I hope this article will help you.
Hey! If you need any help removing malware from your WordPress website, you can ask me to do that. Don't hesitate to contact me!