How to Remove Malware from WordPress Website

remove malware from wordpress
remove malware from wordpress

WordPress is the most popular CMS platform in the world, so it’s no wonder that WordPress is also the CMS that is most often attacked by hackers and has malware embedded in it.

Sometimes novice WordPress users are confused about how to remove malware from WordPress website.

 

They become easy targets because they are less careful and less secure in using WordPress scripts, both in terms of WordPress core, plugins and themes.

Actually WordPress CMS is a very safe CMS to use (it can even be said to be the safest CMS currently available). WordPress continues to make improvements both in terms of security and features.

 

When your WordPress website is exposed to malware, you will usually find these things:

  • Your website redirects itself to another website. But in some cases when you try again, the redirect doesn’t happen.
  • Suddenly you find an outbound link in one of the contents, but the link you have never created before.
  • When you type “site:yourwebsite.com” into Google, strange content will appear that you never created.
  • You get a notification from the web hosting provider that your server has a problem, which leads to the server being disabled.

 

It should also be noted that if your website changes settings, content, etc., it doesn’t mean that the hacker knows your blog password.

They use many paths that can be taken; bruteforce is only one of them (attempts to try various password combinations).

Hacker also uses backdoor techniques, looking for gaps or holes in the server or on the web itself. They can edit content without needing to know the password.

 

Here are the important things you must do to make sure the WordPress script you are using is safe and not easily the target of hacking by irresponsible people.

 

Initial Guide to Remove Malware from WordPress Website

Before cleaning, you can check via direct access to the website in Chrome.

If your website is attacked by malware, you will get a warning like this:

Warning – visiting this website may harm your computer!

 

After you found out the problem, you can check further using Google’s simple tools:

https://www.google.com/transparencyreport/safebrowsing/diagnostic/index.html?hl=en#url=

 

Google will provide reports and simple information such as what malware and what site it leads to and so on.

The first way you have to take is to find, and delete infected files manually.

This method has not touched the Database side but is more about cleaning files in WordPress.

Your job is to clean it.

 

The quick way is to immediately download the latest WordPress and then extract it (faster if the .EXE is on the server).

Then after extracting, remove all the files from your active WordPress and only leave a few files and folders. Some of these files and folders are:

  • wp-config.php
  • .htacesss (if using Apache)
  • wp-content (folder)

 

After that, don’t forget that in the WordPress you just downloaded, remove the wp-content folder and then upload it to the location where your WordPress is having problems.

 

Usually with this simple step some malware can be removed, except for malware in wp-content.

The malware in this wp-content you have to be observant and check one by one if necessary. On average, this malware attack uses an upload script, usually php and or modifications to your Javascript script.

 

These malwares add code that has been encrypted which if you read it you will not understand what it means.

Don’t forget after the cleaning is complete, go to Google Webmaster Tools and report that your site affected by the malware is clean and ask for a review again.

 

How to Remove Malware from WordPress with WordPress Plugins

Sucuri is arguably the pioneer of Website Scanner, with the tagline “Secure your Interwebs” Sucuri is indeed quite capable of scanning websites whether the website you have or the one you are going to visit is safe from malware.

To clean WordPress from malware with Sucuri Scanner is to install the plugins: Sucuri Security – Auditing, Malware Scanner and Hardening.

 

The problem is when your WordPress has been infected with malware and using Google Chrome it will be difficult to log into your website.

McAfee vs Norton2
McAfee vs Norton2

You do this by deactivating Security in Chrome or using Mozilla Firefox, when you get a warning, give information that the website is safe.

After you download and activate it, immediately scan your website and when you find a problem, including any problematic files, do the same as the first step above.

Delete or Replace (if the affected file is an important file) and do it until it’s finished and after making sure everything is clean, do the scanning again until Sucuri really provides information that your site is safe.

 

If it’s safe, the next step is to Submit to Google again telling you that your site is safe and can be visited again.

Alternatively, you can also remove malware with Wordfence or VaultPress plugins.

 

WordPress Health Check

There are several ways to do a WordPress health check, starting with the Sucuri Plugin.

The thing that is no less important, always provide WordPress files on the server which cannot be accessed from anywhere (online) but can be accessed offline (via SSH). Its purpose is to backup and replace quickly.

 

In addition, it can also be used as comparative data, whether your live WordPress files have been modified by hackers or not.

Example to check whether your file is modified or not with a simple command:

[php]diff -r /var/wordpress-offline/wp-includes/ /var/wordpress-online/wp-includes/[/php]

The code above is to find out if there are any file differences.

 

Next is to check File Permissions. What does it mean?

If you mistakenly set File Permissions to Open like 666 or 777 this will be vulnerable to attacks from outside.

WordPress recommends setting it to 644 for files and 755 for folders.

 

Don’t worry there is a way to quickly mass change, make sure you are logged into the server via SSH or Telnet then do the following command:

  • Code Change for Directory:

[php]find /var/wordpress-online/ -type d -exec chmod 755 { };[/php]

 

  • Code Change for Files:

[php]Find /var/wordpress-online/ -type f -exec chmod 644 { };[/php]

 

In the above example your online folder is in /var/wordpress-online/.

 

Post WordPress Malware Cleanup

After everything is clean and running normally, some of these suggestions can be used as a reference so that malware does not attack again.

  • Change all passwords on your website, try a password that is not easy to guess and unique
  • Check Users in WordPress, if you are multi-user, please check to see if there are already unused users.
  • Perform periodic checks including the web browser you are using.
  • Upgrade the server operating system (if your server is under maintenance yourself such as VPS hosting, upgrade immediately for security updates too).
  • Upgrading the Operating System on the Desktop (this is also important) there is a possibility for malware to attack via your PC/Desktop when you update/upload content, the malware has the potential to sneak in.

 

Hopefully these few steps to remove malware from WordPress website will be useful and if you find a more powerful way please comment below.

Leave a Comment

%d bloggers like this:
Available for Amazon Prime