Published on November 4th, 2015 📆 | 5787 Views ⚑0
How to Remove Malware From WordPress Website – Improve Site Speed
http://deanethridge.com How to Remove Malware from WordPress
Recently I got hacked on one of my unused websites through an outdated plugin or theme, and it was painful. I created a video and a step by step guide on how to remove malware from wordpress so if this ever does happen to you, you’ll know how to get rid of malware from your site.
It can be painful let me tell ya, so I wanted to make a WordPress tutorial on how to remove it fairly painlessly.
This step-by-step guide can be used by practically anyone to remove malware from WordPress. There are companies out on Freelancer or ODesk that can help you remove it, but I found a good malware removal plugin for WordPress that really did a nice job for me. The video below shows you how to remove malware from a WordPress site for around $29 from the Get Off Those Maliciously Loaded Scripts. There’s no affiliate program, so I am simply speaking from experience that this plugin did a great job for me.
For those of you familiar with C-Panel and File Manager, you can follow the FTP Guide below I got from SecurePress.org. For most of us, the plugin works very well, and gives you added security for a small fee annually.
Okay, let’s begin with the advanced version of malware removal from a WordPress site.
Step 1: Scan Your WordPress Site for Malware
Malware can infect your WordPress site in many ways, one of which is if your computer has a virus that is leaking your FTP password. This is actually quite common. So first things first is to make sure your computer is virus-free. I recommend scanning with MX Toolbox, Malware Bytes, and to be doubly safe, another anti-virus scanner such as AVG or Kaspersky.
Step 2: Change Your cPanel FTP Password to WordPress Immediately
Step 3: Download the Newest Version WordPress
Step 4: Extract WordPress Files from Your Computer
Step 5: Removing The Malware Infection
Login to your FTP or cPanel File Manager.
Your WordPress installation files on your web host should look like this:
Delete everything you see there except for the wp-content folder, and the wp-config.php file.
Now your installation should look like:
In your cPanel File Manager, click on and edit the wp-config.php file. Make sure there are no strange codes or anything unusual. If there is malware in this file, it will generally look like a long string of random text. You can compare it to the wp-config-sample.php file to be sure.
Now go into the wp-content folder. It should look like:
Make a list of the plugins you are currently using, then remove the plugins folder and index.php file. You will need to re-install your plugins after the cleaning process.
Go into the themes folder, and remove any theme which you are not using. You will then need to individually check each file in your current theme to make sure there is no malware or strange codes in them. If you have a clean backup of your theme somewhere like on your computer, then to be safe you should just delete the entire themes folder.
Check every directory inside your uploads folder to make sure there are no php files or anything that you may not have uploaded.
Step 6: Re-upload WordPress
The fresh WordPress files that you extracted earlier in Step 4 can now be uploaded via FTP.
If you removed your theme you should also re-upload your clean backup theme files.
Step 7: Change WordPress Admin Password and Re-install Plugins
If you don’t want to use a random password like Gsdi6!33&W, then pick an uncommon phrase with 3 or more words likeAragornLuvsArwen!3. A strong password is one with uncommon words, at least 1 number, 1 special character and a mix of upper and lower case characters.
Step 8: Remove Google Warning
Now that your site is free of malware, you can submit your site to Google to get the warning “This site may harm your computer” removed. Login or create an account at Google Webmaster Tools, add your site, click Health, and then click Malware. and finally Request a review.
So I help this helps you in your attempts to remove malware from WordPress. Trust me, it’s no fun dealing with website issues and the increased speed on your site will help you improve your rankings online to boot. Let me know if you have any other suggestions on how to remove malware if you’ve got any or leave a comment below if this helped. Have a blessed day!