WordPress is one of the most popular website management systems used worldwide. According to W3Techs, it powers 34% of all websites on the Internet. WordPress’s popularity is partly due to the large number of plugins and templates available that allow almost anything to be done on a website.
A variety of functions also come with vulnerabilities. Hackers can often access code and infect WordPress sites just as they can create malware on a router.
Malware can infect and destroy your website, so it’s important to act quickly to remove the malware from your WordPress site. **> 1.
NOTE: THIS IS A TRANSLATION FROM ANOTHER SOURCE. I HAVE TO RESOUR. FOR ANY CONTRIBUTION, YOU CAN COMMENT BELOW **
Contact your web host first
Before trying any of the suggestions below, contact your hosting company first. It’s possible that the host, especially if you’re using a shared server, is spreading malicious code from another website into your website.
Have them scan their server to make sure it’s not the culprit before trying to remove the malware from your website. Additionally, they can make suggestions to less technical website owners on how to safely scan and remove malware from their website.
Some hosts may also provide a service that they will delete it for you. And then back up your website, reducing the risk of bringing malware into your backups.
Web hosts have the expertise, tools, and options for dealing with malware, so check with them before trying to do it yourself.
Take preventive measures
It’s best to try to stop threats before they happen. The most important action a user should take is to ensure that they are always running the latest and most stable version of WordPress, even if they are just installing the test version on their computer.
Newer versions are usually released to fix the common vulnerabilities found in previous versions. The same is true for plugins and themes. Update them and remove the ones you don’t use.
Some of the negative issues that malware can cause on a WordPress site include:
Web and MySQL increase server resource consumption.
Unwanted advertising.
Spam is sent in bulk.
Stealing personal data of customers and users.
Information loss from your website.
Google penalty.
What can you do if your website is infected or hacked? In this article, we will present the steps you can take to remove the malware from your WordPress site.
Use a WordPress Malware Removal Plugin
If you are able to login and access your WP admin area, you may not have to reload your entire website. Using a suitable WordPress plugin can help remove malware from your WordPress site.
MalCare Security
MalCare is a premium plugin that will instantly remove the malware from your WP settings. It not only helps clean up a hacked website, but also protects against future security breaches.
One of the benefits of MalCare is that it scans your website on its own servers. Your website will not experience any load against its resources and will continue to run smoothly.
There are four prices starting from $ 99 / year for one website (Personal) up to the Custom Agency Plus plan for more than 20 websites.
Malcare is a comprehensive WP security plugin that includes many additional features such as:
Real-time email alerts.
Keep track of small file changes.
Minimize false alarms.
WordFence
One of the most used plugins for WP security is WordFence. It includes a malware scanner and endpoint firewall.
From its protection against brute force attacks to firewall blocks, the free version of WordFence is powerful enough for smaller websites.
If you want extra features like two-factor authentication, leaked password protection, and advanced manual blocking, you can purchase a premium license. Prices are based on the number of licenses you buy, starting at $ 99 for one.
All in One WP Security & Firewall
One of the free security plugins with the most features is All in One WP Security & Firewall. It provides an easy, intuitive interface to use gauges and graphs.
The plugin is designed for beginners and more advanced developers with three categories: basic, intermediate, and advanced.
All-in-one WP Security protects websites by:
Provides file and database security.
Increased user registration security.
Block strong login attempts.
Additional features include the ability to back up .wp-config and .htaccess files. Users can also recover these files if something goes wrong on their website.
For a complete list of all WordPress security plugins, visit WordPress.org . If you are unable to sign in, you may have to completely reinstall your website.
If you are more tech savvy and run a website on your own server, follow the steps below carefully.
Remember that backing up your website and deleting it can be dangerous and should only be done by highly skilled web owners.
Backup your database & all files
If you are infected and need to remove malware from your WordPress site, it is important to protect your content immediately. Before doing anything, make a full backup of your WordPress site so you can restore it in case anything goes wrong.
Make sure to back up the clean version of your MySQL database and FTP account. There are several ways to back up a website, including through the cPanel, phpMyAdmin, and WordPress plugins (such as Vaultpress).
All WordPress users should back up their website regularly. The steps below outline how to manually remove the malware from your WordPress site.
Step 1: Check your files
After you have backed up your entire WP site, download the backup zip file on your computer. Open it by double left clicking on it. You should see the following files:
All core WordPress files.
Wp-config.php.
.htaccess: This is a hidden file and includes the name, username and password in your WordPress database. To make sure you’ve backed up this file, use a code editor or an FTP program that allows you to view hidden files.
Make sure to check the option Show hidden files.
The wp-content folder includes uploaded themes, plugins, and content.
SQL database.
Step 2: Delete all files & folders from Public_html folder
Once you’re sure you have a complete backup of your website, go to your Web Host File Manager.
Find the public_html directory and delete its contents except the wp-config.php, wp-content and cgi-bin directories.
Make sure you are also viewing hidden files, including. htaccess as it can be compromised.
If you are hosting multiple websites, you should assume that they have also been compromised as cross-contamination is common. Follow the same procedure for all saved web pages
hosted on the same server.
Open wp-config.php file and compare it with sample wp-config file. You can find this file in the WP GitHub repository.
Also go through your file for anything suspicious such as a long code string. If you’re sure something shouldn’t be there, get rid of it.
Now, go to the wp-content folder and:
Make a list of all your installed plugins and then remove them.
Delete all themes, including the one you are currently using. You will reinstall it later.
Look in your uploads folder to see if there’s something in there that you haven’t put there yet.
Delete index.php after you have removed all plugins.
Step 3: Install the clean version of WordPress
Navigate to your web host control panel and reinstall WordPress to the same directory of its original location.
It will be either public_html directory or in a subdirectory if you have WordPress installed on a plugin domain. Use the one-click installer or QuickInstall (depending on your hosting company) in your web hosting dashboard.
Extract the tar file or compress and upload the file to your server. You will need to create a new wp-config.php file and import data from your website backup. You just need to enter the database name, password and prefix.
Step 4: Reset Permalinks & Password
Log in to your WP site and reset all username and passwords. If there are any unrecognized users, it means your database has been compromised.
You can hire an expert to clean your database to get rid of any malicious code.
To reset Permalinks, go to Settings> Permalinks and then Save changes. This process will restore your .htaccess file and fix your website URLs for them to work. Also, please reset all hosting accounts and FTP passwords.
Step 5: Reinstall Theme & Plugins
Do not install older versions of your theme or plugin. Instead, get a fresh download from the WordPress repository or premium plugin developer site. Do not use plugins that are no longer supported.
If you have customizations from your old website theme, see the backup files you downloaded to your computer and copy the changes on the fresh copy.
Step 6: Scan & re-download your photos & documents from your backup
This step may be tedious, but it is necessary. Take a close look at your uploaded images and files before duplicating them again to the new wp-content> uploads folder in the file manager.
Use the up-to-date antivirus program to scan all files to see if any are infected. Download the clean files back to your server using the FTP client or file manager. Keep the directory structure intact so you don’t end up with broken links.
Step 7: Notify Google
If you find out that your site has been compromised due to a warning from Google, you need to let them know that you’ve removed the malware so they can dismiss the notification on your account.
Go to Google Search Console and sign in if you already have an account. If you don’t, please register your website.
Find Security & Manual Actions in left navigation. Click the drop-down menu and select Security issue.
Source: https://helpdeskgeek.com/wordpress/how-to-remove-malware-from-your-wordpress-site/