Remove Malware from your WordPress Site

Running and maintaining a website requires a commitment to security. Hackers frequently target websites belonging to people all over the Internet, sometimes using malware as a tactic. This blog is for you if you're looking for instructions on how to get rid of malware from your website. Here are some actions you can take to keep your WordPress website clean and secure.

Put your Site into Maintenance Mode

You should put your website into maintenance mode as soon as possible. Visitors can’t see the content of your site during this process, but they can see a notice indicating your website will be active soon.

To put your website into maintenance mode, you may use plugins like WP Maintenance Mode or Coming Soon.

With just a few clicks, you can quickly set up maintenance mode for your website with a free plugin. After installation, go to Settings > WP Maintenance Mode and activate it.

Then select “Active” under “Status”. When you are finished, click the Save Settings button at the bottom of the page. The website is now in maintenance mode.

Create a full Backup of your Site and Database

Always make a backup of your WordPress website. If something goes wrong or you unintentionally remove something, the backup lets you recover the website.

Your files and your database are the two things you need to back up. Information about users, settings, and content is stored in the database. Themes, plugins, graphics, and everything else are files.

Using a WordPress backup plugin is the best option. You can quickly and easily back up your website in real time, as well as download files and databases as needed. Any modifications you make will therefore be preserved for later use.

Alternatively, you can manually back up your WordPress website using “phpMyAdmin” and FTP software. This process requires more technical expertise and patience.

Find all Malware on your Website

Once your website is ready, the next step is to locate the malware. This includes looking through files, databases, and source code. Using a virus scanning program like “Malwarebytes” is one approach.

To detect malware manually, you must search for indications of infection in all important areas of your website. You can look through the database for patterns that attackers frequently use.

There are two primary kinds of element to search for when scanning source code for malware: scripts and iframes. Common red flags include lines that start with “<script” or “<iframe src=URL>” and contain suspicious URLs or filenames.

Delete all core files and make a fresh installation

If your WordPress installation is compromised, one of the best ways to fix it is to replace all of the core WordPress files with a fresh set of files. Only your existing wp-config.php file and wp-content folder will remain after doing this.

Install WordPress by first downloading it from

After unzipping the file, delete the wp-config.php file and the wp-content folder from the extracted copy. You only need to get rid of these two items. The remainder may be left alone.

The remaining files can then be uploaded to your server using an FTP program or your file manager. Replace your current installation with them.
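Before the core files are overwritten, a hash comparison against the unzipped fresh copy records which of them were altered or added. The following is an added example, not part of the original post; it assumes the fresh download is the same WordPress version as the live site, and the function names are hypothetical.

```python
import hashlib
import sys
from pathlib import Path

# Items the page says survive the replacement. They are site-specific, so they
# are reviewed separately instead of being compared with the fresh download.
KEEP = {"wp-config.php", "wp-content"}


def sha256(path):
    """Hex SHA-256 digest of a file's contents."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def core_files(root):
    """Relative paths of all files under root, skipping wp-config.php and wp-content."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix()
        for p in root.rglob("*")
        if p.is_file() and p.relative_to(root).parts[0] not in KEEP
    }


def compare_core(site_dir, clean_dir):
    """Compare a live install with an unzipped fresh copy (assumed same version)."""
    site, clean = core_files(site_dir), core_files(clean_dir)
    return {
        # Present in both trees but with different contents.
        "modified": sorted(f for f in site & clean
                           if sha256(Path(site_dir, f)) != sha256(Path(clean_dir, f))),
        # Present on the site but not shipped in the fresh copy.
        "unexpected": sorted(site - clean),
        # Shipped in the fresh copy but absent from the site.
        "missing": sorted(clean - site),
    }


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: compare_core.py SITE_DIR CLEAN_DIR")
    for kind, names in compare_core(sys.argv[1], sys.argv[2]).items():
        for name in names:
            print(f"{kind}: {name}")
```

Files reported as "unexpected" are worth keeping in the backup for later review, since uploading the fresh set does not remove them.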

Clean out any harmful code from the wp-config.php file

It is also an excellent idea to compare your wp-config.php file to the original version supplied by the WordPress Codex. This step lets you quickly recognize and locate anything that was added, including dangerous code.

Get a fresh copy of wp-config.php by downloading it from the WordPress Codex. Open this file in a text editor and compare it with your current wp-config.php file. A file's differences from the original can have valid justifications, particularly where database information is involved, but take your time to look for anything odd and remove it if necessary. When you are done, save the cleaned file and upload it to your server.

Install your theme again using a fresh version

Next, completely reinstall your WordPress theme. If you are using a child theme, that is, a copy of the template that retains the functionality and aesthetic of the original template along with your customized adjustments, you do not want to lose all of your work. You should therefore reinstall an updated version of the parent theme while leaving the child theme alone.

Disable your primary theme by going to Appearance > Themes in your WordPress dashboard. Then delete the main theme folder using FTP or your file manager.

If your theme comes from the WordPress library, locate it there and download the most recent version. If you are using a premium theme or a free alternative from elsewhere, you have to download the theme files from that source. Go to Appearance > Themes on your dashboard, click Add New, and then Upload Theme.

Choose the zip file you downloaded. After the upload finishes, select “Activate” from the menu.

Your child theme is now ready to use. Your site should now be using the most recent version of your primary theme while retaining all adjustments made by child themes.

Search & fix recently updated code files

The next step is to review all recently modified files. Access your site using an FTP connection or a file manager, and sort your files by the “Last Modified” column.

Note any files that have recently been updated. Next, go through each of them line by line and check for any suspicious code that has been added. This may include PHP functions like eval, gzuncompress, and str_rot13.

Restore hacked database tables

If your WordPress site has malware on it, malicious content may have been created in your database tables.

Enter the phpMyAdmin management panel (accessible from your hosting provider), open the database table containing the malicious content, and delete that content to clean the table. You can find the affected tables by comparing them to the original and updated files, or by using a scanning tool.

Please be aware that you must back up your website first. Earlier backups contain the original files. You can then look for, among other things, commonly used functions (see the next steps), and manually delete any malicious content that you find.

Save your modifications, then check to see if your site is still operating properly. Use a program like WP-Optimize if you don’t want to manually change your database tables.

Although it can clean and optimize your database, this plugin cannot remove viruses. If you want to use plugins to find and delete WordPress malware, we advise adopting a solution built for that purpose.

Find and close the hidden backdoors

When hackers access a website, they frequently leave behind a hidden “backdoor”, a way to get in again. Usually, this entry point is embedded in a file with the exact same name as a standard WordPress file but placed in the wrong directory.

To locate and remove hidden backdoors from your WordPress site, look through commonly used folders like wp-content/plugins, wp-content/uploads, and wp-content/themes.

Look for certain PHP functions in these files, such as:
-preg_replace (with /e/)
-stripslashes

By themselves, these functions do not indicate malicious activity. However, the way they are used, or the context in which they are used, could be dangerous.

The following are some typical characteristics of malicious PHP:
-It is placed either directly before or after valid code so that it can operate undetected.
-It contains a lengthy string of unrelated letters or numbers.
-It was added to the code recently.
-It contains reinfection mechanisms, meaning malware that replicates after being removed, such as bogus plugin folders and 444 permissions.

As with database tables, it is a good idea to compare the current file to the original file to identify the source of the code.
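The checks described in this section and in the section on recently updated files can be automated into a triage list for manual review. The following is an added example, not part of the original post; the function names, the 200-character threshold, the 7-day window and the short list of core file names are assumptions chosen for illustration.

```python
import re
import stat
import sys
import time
from pathlib import Path

# Functions named on this page. Each is legitimate on its own, so a hit is a
# lead for manual review, not a verdict.
SUSPECT_CALLS = re.compile(r"\b(eval|gzuncompress|str_rot13|stripslashes)\s*\(", re.I)
# preg_replace whose '/'-delimited pattern carries the e (evaluate) modifier.
PREG_E = re.compile(r"preg_replace\s*\(\s*(['\"])/[^'\"]*/[a-zA-Z]*e[a-zA-Z]*\1", re.I)
# "A lengthy string of unrelated letters or numbers": 200+ base64-like characters.
LONG_BLOB = re.compile(r"[A-Za-z0-9+/=]{200,}")
# Core file names that belong in the WordPress root, not under wp-content.
CORE_NAMES = {"wp-login.php", "wp-config.php", "wp-load.php", "wp-settings.php"}


def scan_file(path, now, recent_days=7):
    """Return the reasons a PHP file deserves manual review (empty list if none)."""
    text = path.read_text(errors="replace")
    reasons = sorted({m.group(1).lower() + "()" for m in SUSPECT_CALLS.finditer(text)})
    if PREG_E.search(text):
        reasons.append("preg_replace with /e")
    if LONG_BLOB.search(text):
        reasons.append("long encoded string")
    if path.name in CORE_NAMES:
        reasons.append("core file name in wrong directory")
    st = path.stat()
    if stat.S_IMODE(st.st_mode) == 0o444:
        reasons.append("mode 444")
    if now - st.st_mtime < recent_days * 86400:
        reasons.append("recently modified")
    return reasons


def scan_wp_content(wp_content, now=None, recent_days=7):
    """Map each flagged PHP file (path relative to wp_content) to its reasons."""
    now = time.time() if now is None else now
    report = {}
    for path in sorted(Path(wp_content).rglob("*.php")):
        reasons = scan_file(path, now, recent_days)
        if reasons:
            report[path.relative_to(wp_content).as_posix()] = reasons
    return report


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "wp-content"
    for name, reasons in scan_wp_content(target).items():
        print(f"{name}: {', '.join(reasons)}")
```

Files that collect several reasons at once are the ones to compare against their originals first; a single hit such as stripslashes() is common in legitimate plugin code.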

We advise against altering WordPress files unless you are familiar with doing so because doing so may compromise your website’s essential functioning. If not, we advise either utilizing a scanner plugin or contacting a specialist.
