Remove Malware Infection from WordPress

Malware in WordPress is one of the worst things that can possibly happen! When dealing with the WordPress platform it’s very possible that you will become infected at some point in time, its just the way it goes with the World’s most popular open-source website software.

Now you may not want to even deal with it and hire somebody to clean this up for you, but it is rather easy to fix. The first thing you’re going to want to do is get root access to the core site files. You can do this by logging into the cPanel or the FTP or you can use a plugin called WP File Manager to access them as well from inside of the WordPress back-end.

Once you have access to the site files, we can start to begin the cleanup process. The tool that’s used to clean up an infection is called the WordFence plugin. Download this plugin and initiate the scan tool it has. Inside the scan it’s going to check for any type of files that don’t belong in WordPress or files that belong but are infected with malware.

Once the scan completes you’ll see a list of all the infected files, sometimes it can be in the thousands, but don’t worry there is ways to take care of this that aren’t terribly tedious (like deleting the whole folder that contains all the malware). What you want to do is make sure you have a backup of the site available, ideally several backups, and then start to delete these files that are not core files.

If a file is a core file do not delete it it will crash the site, instead look at the code that is highlighted that is a malware infection and go inside of the core file and delete that part of it. This can be a little bit tricky to know exactly what to delete and not to delete but usually it is easy to find where a normal file starts and then go above that or below that and find the malware code and remove.

It can be helpful to pull up a site that’s not infected or a brand new WordPress install and look at that same file, so for example if it’s a wp-config file you would open this file from a brand new site that has the proper file in it to see exactly how this other file should look in your infected site and remove all the parts that are not supposed to be there.

Go through and do this for every single infected file and then re-scan again and see if you’ve got all of them removed. It’ll let you know whether you have them removed or not. Once you have a clean bill of health you’ll want to reach out to your server admins and lock down as much as possible.

Change all your passwords; update all the plugins; remove any themes or plugins you’re not using and make sure your ht-access file is really secure and locked down (ask your server admin for help on this if you are unsure what to do).

This will help prevent any type of breaches in the future, but it’s always a good idea to continue to scan on a regular basis and check a site once it’s been infected because it has a higher chance of being re-infected again.

This is how you remove malware in WordPress and it’s a rather straightforward and easy process, although it can be very frustrating to deal with. If you need help getting through this contact me here and I’ll be glad to assist you!

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Written by: Jophiel Silvestrone

Jophiel Silvestrone has written 326 posts in the Tech Blog.

Jophiel grew up on a ranch in Paradise Valley, Montana near Chico Hot Springs. Working on the ranch instilled work ethic and self motivation. Filled with this drive, Jophiel started mowing the local school's yards twice a month throughout the summers, at the age of 12. He moved to Billings in 2004, where he has been deeply involved in the local business community ever since. A serial entrepreneur, Jophiel has ran multiple businesses in our local community. The first business, a janitorial and carpet cleaning company, founded in 2005, has employed over 50 locals. Moving on to the media industry, Jophiel and several partners founded Green Directory Montana in the spring of 2007. Green Directory's sustainability ranking software awarded points based on sustainable or "green" actions. These points counted towards a business's total "Green Score," which in turn ranked them against other businesses in their category and throughout the entire site. It also featured a limited edition print version distributed annually. A business acquisition allowed Jophiel to focus on new projects, and a few close business colleagues and Jophiel started Rocky Mountain Mr. & Ms. Magazine, a lifestyle publication for men and women in the Magic City. After a year and a half at the helm of RM3 Magazine, the business was purchased. He now runs a web development company SkyPoint Studios and fathers his son Jaoquin, who plays football, basketball, soccer, and is learning snowboarding from his dad. Recently, has expanded to locations in Havasu, Arizona & Vegas. SkyPoint Studios is a market leader in both Billings & Havasu and Jophiel is working on building that same level of market dominance in Vegas. Specialties: Extensive experience in online and offline business. Especially savvy at WordPress, and operate several sites, one example is the blog: skypointwebdesignbillingsmontana.com/tech-blog. Check out skypointwebdesignbillingsmontana.com for the latest projects from SkyPoint Studios.