Losing access to your website is painful. WordPress websites have become the number one target for hacker attacks. Research says that at least 13,000 WordPress websites are hacked every day. As many as 390,000 sites are hacked every month and 4.7 million every year. So, if you have a WordPress website, you should check the status of your site at least once a month to make sure it has not been compromised. If your site is infected with malware, you should take immediate action.
Today I am going to discuss 7 steps to detect malware on a WordPress site and remove it permanently.
What is Malware?
Malware is malicious software. Once this software gets access to your website, it can take the site down or abuse it.
There are different types of malware. Some common types are:
• Trojan: A Trojan presents itself to you as legitimate software to run malicious software on your computer.
• Spyware: Spyware attacks your computer and tries to steal your personal information such as credit card or banking information, web browsing data, and passwords to various accounts.
• Adware: Adware is unwanted software that displays advertisements on your screen.
• Rootkits: Rootkits enable unauthorized users to gain access to your computer without being detected.
• Ransomware: Ransomware encrypts your files and asks to pay a ransom.
• Worm: A worm infects your computer and replicates itself.
• Keyloggers: Keyloggers track keystrokes on your keyboard and record them in a log. This information is then used to gain unauthorized access to your accounts.
How to detect malware on your WordPress website
If you want to remove malware from your WordPress site, you first need to know how to detect it. Here is how to detect malware on a WordPress site.
• Scan your site with a security plugin: There are several WordPress security plugins that can scan your site. Examples include Wordfence Security, Sucuri Security, and MalCare.
• Check your site for unexpected changes: Look for changes in your WordPress files or database, such as new files or code that you didn’t add. You can check your files using an FTP client. Also make sure there are no unknown admin accounts.
• Watch for suspicious activity: Check your site’s access logs for any unusual activity, such as multiple login attempts. You can use plugins for this or view logs through your web host or web server.
• Use an online scanner: There are several online scanners that can scan your site for malware. Examples include VirusTotal and Quttera. These scanners can check your site against known malware and detect any suspicious code.
• Sucuri Site Check: Sucuri Site Check is another popular malware scanner. Apart from searching websites for malicious code, it checks whether your website is on a blacklist.
Enter your site URL and click the Scan website button, and your site will be scanned within minutes.
After scanning your site, if you find that your site is infected with malware, remove the malware as soon as possible.
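The access-log check from the “Watch for suspicious activity” item above, as an added example that is not part of the original article: it counts POST requests to wp-login.php per client IP. It assumes the Apache/Nginx combined log format; the function names, the threshold and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: find clients making repeated login attempts in an access log.
# Assumes combined log format: ip - - [time zone] "METHOD path proto" status size ...

# count_login_posts MIN   (log is read from stdin)
# Prints "ip posts redirects" for every IP with at least MIN POSTs to wp-login.php.
# By default WordPress answers a failed login with 200 and a successful one with
# a 302 redirect, so many POSTs that end in a redirect deserve a close look.
count_login_posts() {
    awk -v min="${1:-5}" '
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ {
            posts[$1]++
            if ($9 == 302) redirects[$1]++
        }
        END {
            for (ip in posts)
                if (posts[ip] >= min)
                    printf "%s %d %d\n", ip, posts[ip], redirects[ip]
        }
    ' | sort -k2,2nr
}

# Constructed sample log (documentation IP ranges), not taken from a real site.
sample_log() {
    for status in 200 200 200 200 200 302; do
        printf '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" %s 512 "-" "curl"\n' "$status"
    done
    printf '198.51.100.4 - - [10/Mar/2024:10:05:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla"\n'
    printf '198.51.100.4 - - [10/Mar/2024:10:05:02 +0000] "GET /wp-admin/ HTTP/1.1" 200 9000 "-" "Mozilla"\n'
}

# Demo on the constructed sample; on a server, redirect your real access log instead.
sample_log | count_login_posts 5
```

On a real server, feed it the log your host provides, for example `count_login_posts 20 < access.log`, and compare the listed addresses with the ones you and your editors log in from.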
Follow these steps to remove malware from your website:
1. Enter maintenance mode
2. Take a full backup of your WordPress website
3. Reinstall WordPress in your cPanel
4. Remove malicious code from your wp-config.php file
5. Reinstall a new theme and necessary plugins
6. Remove the hidden back door
7. Ask Google to re-index your WordPress website
Step 01: Enter Maintenance Mode
When you are sure that your site is infected with malware, you must take the necessary steps to remove that malware. The first thing to do is put your site in maintenance mode.
This process hides your website content from visitors and displays a message telling them that your site will be back soon. There are free plugins to put your site in maintenance mode. You can use a plugin like Lightstart or Site Offline to get your work done. If you have installed and activated the Lightstart plugin, navigate to Settings -> Lightstart to access maintenance mode.
Next, select Active as the status. When you’re done, click the Save Settings button at the bottom of the screen. Your site will now go into maintenance mode.
Step 02: Take a full backup of your WordPress website
Before making any changes to your website, it is always a good idea to take a full backup of your website. Files and databases should be backed up. The database is where your content, settings and user information are stored.
The easiest way to take a site backup is to use a WordPress plugin. There are free WordPress plugins like UpdraftPlus, BlogVault and Jetpack to get your work done.
Step 03: Reinstall WordPress in your cPanel
After backing up your WordPress website, reinstall WordPress in your cPanel.
Step 04: Remove malicious code from your wp-config.php file
Download a fresh copy of the wp-config.php file from WordPress. Compare your wp-config.php file with the code in the WordPress core file. This step will make it easier to detect anything that has been added, such as malicious code.
There are valid reasons why your file may differ from the original, especially when it comes to information about your database. But take the time to look for anything suspicious and remove it if necessary. When you’re done, save the cleaned file, then upload it to your server.
Step 05: Reinstall a new theme and required plugins
Your theme or plugins may contain malicious code. To avoid this risk, you need to reinstall your theme and all required plugins.
To reinstall your theme, go to your WordPress dashboard and install and activate your chosen theme.
After reinstalling the theme, reinstall all plugins used on your site.
Step 06: Remove the hidden back door
Hackers can embed backdoors in files to create security vulnerabilities within your WordPress site, so it’s important to remove any hacked files that carry them.
To detect possible backdoors, check your files for these PHP functions:
• base64
• exec
• str_rot13
• gzuncompress
• eval
• stripslashes
• preg_replace (with /e/)
Use the following SSH command to locate any hacked files located in your directory:
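A search of this kind, written as an added example rather than the article's own command: it greps PHP files under a directory for calls to the functions listed above. The regular expressions, the file extensions and the function names `scan_backdoors` and `list_suspicious_files` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list PHP files that call functions commonly abused by backdoors.
# The function list is the article's; regexes and file extensions are assumptions.

# Calls to the listed functions ("base64" is searched as base64_decode).
# The leading group stops matches inside longer names such as curl_exec( or retrieval(.
CALL_RE='(^|[^[:alnum:]_])(base64_decode|exec|str_rot13|gzuncompress|eval|stripslashes)[[:space:]]*\('

# preg_replace whose quoted /pattern/ carries the e (evaluate) modifier.
# That modifier was removed in PHP 7.0, so live code should no longer use it.
PREG_E_RE="preg_replace[[:space:]]*\\([[:space:]]*[\"'][^\"']*/[a-z]*e[a-z]*[\"']"

# scan_backdoors DIR -> "file:line:code" for every hit (PHP names are case-insensitive).
scan_backdoors() {
    find "${1:-.}" -type f \( -name '*.php' -o -name '*.phtml' \) \
        -exec grep -EinH -e "$CALL_RE" -e "$PREG_E_RE" {} + || true
    # grep exits 1 when nothing matches; that is not an error here.
}

# list_suspicious_files DIR -> unique file paths that need manual review.
list_suspicious_files() {
    scan_backdoors "$1" | cut -d: -f1 | sort -u
}

# Usage: sh scan.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then
    scan_backdoors "$1"
fi
```

Legitimate plugins and WordPress core also call several of these functions, so each hit is a file to review, not proof of compromise.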
Step 07: Ask Google to re-index your WordPress website
This is an additional step in removing malware from WordPress websites. By now the malware should have been removed from your website. All that remains is to ask Google to re-index your WordPress website.
You can do this using Google Search Console. Navigate to your Google Search Console admin dashboard and open the Security & Manual Actions -> Security Issues tab. Select I fixed these issues -> Request a review to have Google review and re-index your WordPress site.
Note that Google may take a few days to process blocklist removal requests.
How to Remove Malware from a WordPress Site Using a Plugin
If you don’t want to manually remove WordPress malware, you can use a plugin to clean your website. This tutorial uses the Wordfence plugin.
Step 01: Install the Wordfence plugin
Go to your WordPress dashboard, click on “Plugins” and then select “Add New”. Search for “Wordfence”, install the plugin and activate it.
Step 02: Scan your website
Once Wordfence is activated, go to “Wordfence” in your WordPress dashboard and click “Scan”. Select “Full Scan” as the “Scan Type” and click the “Start New Scan” button. Wordfence will now scan your website for malware.
Step 03: Review the scan results
After the scan is complete, Wordfence will display a list of identified issues. Carefully review the results and identify which are malware or suspicious files. Then locate those files and select the action you want to take (quarantine or delete).
This is how you can remove malware from your WordPress website.
Advantages of the Wordfence plugin:
Wordfence is a comprehensive security plugin that includes a web application firewall, malware scanner, and login security features to protect your WordPress website from various threats.
Key benefits
• Includes a Web Application Firewall (WAF) that detects and blocks malicious traffic.
• Scans your WordPress site for malware, viruses and other threats.
• Provides various login security features including two-factor authentication, password policy and login page captcha.
Malware attacks on WordPress websites are nothing new. Every day several WordPress websites face different types of malware attacks.
There is no need to fear a malware attack on your site, because you now know how to remove malware from a WordPress site. So keep calm and follow the 7 steps above to secure your site.