Remove WordPress Malware

In this post, we will see how to remove malware from your WordPress installation. You can easily check whether your WordPress site is infected by using an online scanner such as Sucuri's site checker. If you have identified that your site has been compromised, follow the steps below to repair your installation.

 

1. Scan your computer

- Malware can get to your site in several ways, one of which is through a virus on your machine that transmits your FTP password. Scan your computer for malware or infection with a good-quality antivirus, such as Malwarebytes, AVG, or others.

2. Change your control panel and FTP passwords.

- Once you have cleaned your computer, change the password for your Plesk or cPanel logins and change your FTP password.

- We recommend that you use a strong password generator such as Strong Password Generator.

3. Download the latest version of WordPress

- Download and extract the latest version of WordPress from the WordPress download page.

4. Clean your infected WordPress site

- FTP into your site. The WordPress folder should look like this:

[Image: WordPress files]

- Now, delete all files here except the wp-content folder and the "wp-config.php" file.

- Drag the "wp-config.php" file to your desktop and open it in your code editor. Check here for any unusual code, in particular long strings of random text. You can compare it to the wp-config-sample.php file in your new WordPress download.

- If you find something that shouldn't be there, back up your site's wp-config.php file, then delete the unwanted code and upload the edited file again via FTP.

- Next, open the wp-content folder, which should look like this:

[Image: wp-content folder]

- Open the plugins folder and make a list of the plugins you are currently using.

- Go back to the wp-content folder and delete the plugins folder and the index.php file.

- You will need to reinstall your site's plugins once you have completed the cleanup process.

- Open the themes folder and delete the themes you are not using.

- If you have a clean backup of the theme you are using, you can delete all themes here; otherwise you will need to check all theme files for suspicious code.

- Finally, check your uploads folder and remove any files that end in .php, or any other files that you have not uploaded.
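The manual checks in step 4 can be run over a local copy of the site downloaded via FTP. The script below is an added example, not part of the original article: it lists PHP files under wp-content/uploads and flags long random-looking strings in wp-config.php and theme files. The function names, the 120-character threshold, the extra extensions beyond .php and the sample tree are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# 120+ consecutive base64-style characters: the "long strings of random text"
# from step 4. WordPress keys and salts are 64 characters, so they stay below this.
LONG_BLOB = re.compile(r"[A-Za-z0-9+/=]{120,}")
# Assumption: besides .php, these extensions may also be executed as PHP by the server.
PHP_EXTS = {".php", ".phtml", ".php5", ".php7", ".phar"}


def scan_site(root):
    """Scan a local copy of the site; return (php_in_uploads, blob_hits)."""
    root = Path(root)
    content = root / "wp-content"
    # Anything executable under uploads is unexpected: uploads should hold media only.
    php_in_uploads = sorted(
        p.relative_to(root).as_posix()
        for p in (content / "uploads").rglob("*")
        if p.is_file() and p.suffix.lower() in PHP_EXTS
    )
    # wp-config.php and the theme files are kept rather than replaced, so read them.
    candidates = [root / "wp-config.php", *sorted((content / "themes").rglob("*.php"))]
    blob_hits = []
    for path in (p for p in candidates if p.is_file()):
        lines = path.read_text(errors="replace").splitlines()
        for number, line in enumerate(lines, 1):
            if LONG_BLOB.search(line):
                blob_hits.append((path.relative_to(root).as_posix(), number))
    return php_in_uploads, blob_hits


def build_demo(root):
    """Create a constructed sample tree (not real site data) for a dry run."""
    root = Path(root)
    (root / "wp-content/uploads/2024").mkdir(parents=True)
    (root / "wp-content/themes/mytheme").mkdir(parents=True)
    (root / "wp-content/uploads/2024/photo.jpg").write_bytes(b"\xff\xd8\xff")
    (root / "wp-content/uploads/2024/cache.php").write_text("<?php // constructed\n")
    (root / "wp-content/themes/mytheme/index.php").write_text("<?php get_header();\n")
    salt = "x" * 64  # same length as a real key/salt; must not be flagged
    blob = "QUJD" * 40  # constructed 160-character base64-looking string
    (root / "wp-config.php").write_text(f"<?php\ndefine('AUTH_KEY', '{salt}');\n$k = '{blob}';\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo(tmp)
        print(scan_site(tmp))
```

A hit is a line to read by hand, not a verdict: legitimate themes sometimes embed long encoded assets, and malicious code does not have to be long or encoded.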

 

5. Reload WordPress

- Upload the WordPress files you downloaded earlier and remember to upload the themes as well. Do not overwrite the "wp-config.php" file.

6. Change your WordPress admin panel password

- You should be able to access the control panel area of your site now. Log in and change the administrator password. Remove any other users - remember to use a secure password generator!

7. Install your plugins

- You will need to reinstall the plugins you removed earlier. Add them one at a time and verify that your site is working each time.

8. Clear the Google warning

- If your site has the warning "This site may harm your computer", log in or create an account in Google Webmaster Tools. Add your site and then click on "health", then "malware" and then "request a review". Google will check your site and, if it is now malware-free, will remove the warning.
