How to identify and remove malware infection from a WordPress Website?

Malware in WordPress websites are big problem for now a days and this has become more common, the main purpose for this could be stealing data from your site, apply phishing attack or adding unwanted links into the website to get back links or redirect user to spammer’s domains.

Cleaning malware from a WordPress site can be complex, and it's essential to follow these steps carefully to ensure that your site is clean and secure.

How can you know if your site is infected with malware?

It is very difficult to detect if your WordPress website is infected with malware or viruses; You have to follow these steps.

1. Performance issues:

   If your site is infected with malware then the performance of your site will start falling in search engines. The main reason why Google removes infected and virus affected sites from the search engine very quickly is to improve the user experience of Google. Google does not want any blog or spam site of any publisher to be visible to the user.
   
   

2. Seeing sudden changes in Google search console or Google analytics data:

   If your site has been attacked by malware or your site is infected with any kind of virus, then Google Search Console will show a large number of spam pages that have nothing to do with the site. And unwanted traffic will either slow down or go down completely.
   
   

3. Unwanted Redirects, Content and Users:

   Many times when you open a site, it will redirect to a spam or malicious URL, and unwanted users or pages will automatically be created on your sites.
   
   

4. Server error or access issue:

   Many times, without making any changes to the code or site setting or Plugin update, a 500 or 505 error starts appearing in the site or some time admin panel of the site becomes restricted.

All these are signs that indicate your site has been infected with malware or viruses.

It’s time to take action to get rid of malware and viruses.

How to fix your WordPress website from malware or viruses?

Once you have confirmed that your WordPress website has been infected with malware, it is time to follow some steps to get rid of it.

1. Take Backup of your Website and database:

   Before making any changes into the website you first need to take the complete backup of your website and database. If you are not sure how to take backup of site and database follow our article How to take backup of wordPress Website?
   
   

2. Isolate the website:

   If it is possible, take your site offline or move to another or local server to prevent the spreading of malware into your server or other hosted site.
   
   

3. Delete WordPress Core files or folder:

   Malware gradually spreads into all the directories and files of WordPress, so first of all we have to remove the wp-Include and wp-admin folders and also delete all the .PHP files of the root. Do not delete wp-content folder, wp-config.php files and .htaccess file otherwise your site MySql database connection and URL rewriting errors may occur.
   
   In the screenshot you can see the file structure of WordPress site so delete all the folder and files except 1,2 and 3 marked file and folder.
   
   

4. Re-Upload Fresh files:

    
   Step 1: Download WordPress:
   Go to https://wordpress.org/download/ and download latest WordPress.
   Note: Check with your developer if your site has any Plugin or theme that is not compatible with latest WordPress version. In this case download compatible WordPress files from WordPress download archive. To download any specific WordPress version files visit https://wordpress.org/download/releases/ 
   
   Step 2: Extract WordPress achieve:
   Once you will download WordPress online. Extract the files in your system.
   
   Step 3: Once successfully un-archive/unzip the zip folder you will see latest WordPress files and directories structure same like the screenshot below.
   
   Step 4: From the extracted files remove wp-content folder (see screenshot step3). Now you will have only wp-admin, wp-includes and root files with .php extensions in your directory.
   
   Step 5: Upload all the files into your server, where you deleted wp-admin, wp-includes and root files in .php extensions.
   
   Step 6: that’s it. Move to next now.
   
   

5. Remove unwanted files/Script from theme and Plugins:

   check all the files form theme and Plugin manually and find if any suspicious script or code is written in any file, remove that code from /files or upload updated file.
   
   

6. Reinstall Clean Versions of theme and plugins:

   Update all your Plugins manually or through the admin panel. If your theme is not optimized then update it or check with your developer if it is good to update the theme online or not.
   
   Note: If there is no update available for a Plugin or theme, simply download the same theme or Plugin from online sources.
   
   

7. Update/Change Password:

   Change/update password of your database and admin panel both and always use numbers and special characters into your password to make it unpredictable for hackers and robots.
   
   

8. Check Unwanted Users in database:

   check if there are any unwanted user records exists in “wp_users” table if yes remove them immediately see screenshot below:
   
   if your website is ecommerce and woo-commerce installed than you need to check form admin panel and check if any suspicious user has been created. Remove any unauthorized users, especially those with admin privileges.
   
   

9. Use Malware Scanner and WP Security Plugins:

   There are many online malware scanner Plugins available for WordPress which strengthen the security of your website. Some are paid and some are free, you can install them as per your understanding and their user reviews. Few of them like Sucuri, Wordfence, All in One Security (AIOS) etc.
   You can also try their paid version to double the security.
   
   

10. Server Scanning:

    Ask your Server administrator or hosting administrator to scan your complete server to prevent your website from malware.
    
    

11. Review and Harden Security:

    Review and Monitor your website on regular basis and keep eye on any unintentional file changes or folder into the server, Also secure your admin panel access. Many robots try to access the panel from http://your-domain.com/wp-admin or http://your-domain.com/admin or http://your-domain.com/wp-login.php.
    
    Try to disable administrator access via http://your-website.com/wp-admin or http://yourwebsite.com/wp-login.php.
    There are many Plugins online that can add functionality to disable direct access to the admin panel.
    You can create your own admin name like http://your-domain.com/mycms or /mybackpanel etc.
    You can give whatever name you want to your admin panel. Few of them are Hide WP Admin Login, WPS Hide Login etc.
    
    
12. Contact with Expert WordPress Developer: If you are still struggling with the Malware problem, you will have to connect with a Expert WordPress development company which will update it for you and make your site user friendly.

Conclusion:

To keep your WordPress site safe from malware and viruses, download site Plugins and themes from the authenticated online sources and keep your theme and Plugin updated always. User best and WordPress recommended hosting server. Also It is important that you choose the right hosting service as well as a WordPress design company that follows the authentically and standard process to setup WordPress website.