Malware in WordPress is one of the worst things that can possibly happen! When dealing with the WordPress platform it’s very possible that you will become infected at some point in time, its just the way it goes with the World’s most popular open-source website software.
Now you may not want to even deal with it and hire somebody to clean this up for you, but it is rather easy to fix. The first thing you’re going to want to do is get root access to the core site files. You can do this by logging into the cPanel or the FTP or you can use a plugin called WP File Manager to access them as well from inside of the WordPress back-end.
Once you have access to the site files, we can start to begin the cleanup process. The tool that’s used to clean up an infection is called the WordFence plugin. Download this plugin and initiate the scan tool it has. Inside the scan it’s going to check for any type of files that don’t belong in WordPress or files that belong but are infected with malware.
Once the scan completes you’ll see a list of all the infected files, sometimes it can be in the thousands, but don’t worry there is ways to take care of this that aren’t terribly tedious (like deleting the whole folder that contains all the malware). What you want to do is make sure you have a backup of the site available, ideally several backups, and then start to delete these files that are not core files.
If a file is a core file do not delete it it will crash the site, instead look at the code that is highlighted that is a malware infection and go inside of the core file and delete that part of it. This can be a little bit tricky to know exactly what to delete and not to delete but usually it is easy to find where a normal file starts and then go above that or below that and find the malware code and remove.
It can be helpful to pull up a site that’s not infected or a brand new WordPress install and look at that same file, so for example if it’s a wp-config file you would open this file from a brand new site that has the proper file in it to see exactly how this other file should look in your infected site and remove all the parts that are not supposed to be there.
Go through and do this for every single infected file and then re-scan again and see if you’ve got all of them removed. It’ll let you know whether you have them removed or not. Once you have a clean bill of health you’ll want to reach out to your server admins and lock down as much as possible.
Change all your passwords; update all the plugins; remove any themes or plugins you’re not using and make sure your ht-access file is really secure and locked down (ask your server admin for help on this if you are unsure what to do).
This will help prevent any type of breaches in the future, but it’s always a good idea to continue to scan on a regular basis and check a site once it’s been infected because it has a higher chance of being re-infected again.
This is how you remove malware in WordPress and it’s a rather straightforward and easy process, although it can be very frustrating to deal with. If you need help getting through this contact me here and I’ll be glad to assist you!
Read next: Keeping WordPress Safe