WordPress is the world’s most popular and most used content management system. So, it’s no surprise that users experience many hacks and malware infiltration. As a WordPress user, you need to secure your website adequately.
Hackers use different methods to take advantage of websites, and you most likely can’t be prepared for all their tricks. However, malware is the most common cyber issue you’ll face as a WordPress site owner. Hence, rather than having to call on a professional every time there’s a malware attack, it’s important to know how to remove malware from your WordPress site yourself.
Types of WordPress malware
Of the thousands of malware out there, these types affect WordPress sites most often:
Backdoor: In this case, the malware creates a backdoor, which allows attackers to infiltrate the site without sounding an alarm to the website owner.
Pharma Hacks: Here, attackers breach your site and use your SEO ranking to spam index their sites and webpages. So, they use your resources to drive traffic to their pages.
Malicious Redirects: The primary function of redirect malware is to cause your website to lead to a scam website. So, when people type in your website address, it leads to their site. Drive-by downloads: Malware like this causes unsolicited payloads to download to the local device of your website’s users. An example is a script prompt that tells your users about a virus infection on your website – and that they need to install reliable antivirus software.
How to identify malware on your WordPress site
Beyond waiting to see the active effects of malware on your WordPress site, here are some tips for finding, identifying, and mitigating malware infection early.
Scanning your site
There are different types of malware. Hence, to begin solving any malware issue, you must first understand what kind of malware you’re dealing with. There are various WordPress plugins for scanning websites for malware payloads. Examples are SiteCheck and Sucuri.
Inspect your core WordPress file integrity
You need to frequently run checks on the core files on which your website is built. In your site’s webroot, there are files like wp-includes and wp-admin. These files mustn’t be altered. Hence, always check their integrity to be sure that malicious software has modified them.
Inspect recently modified files
When you notice signs of hacks, check site files that have been recently modified. You can do this by reviewing your cPanel or SSH.
Inspect your Google diagnostic pages
When your website’s security and SEO integrity is compromised, search engines like Google may blocklist you. When this happens, use the diagnostic tool they provide to see how secure your website is.
How to Remove Malware from WordPress Site
You can manually remove malware from your WordPress site using a plugin or by hiring a malware removal service.
Manually removing malware from the WordPress site.
You need some technical knowledge to remove malware from your WordPress site manually. But following the step-wise direction below will give you a better understanding of what to do.
Preparing your WordPress site
Before you start the malware removal process, do the following:
Restrict access to the site
If your website suffers from activities like illegal redirections, or unsolicited publications, it’s an indication that it’s been compromised. To prevent further damage, restrict access to your WordPress site. You can limit access by editing the file with the .htaccess extension. You can do this via the file manager on your cPanel.
- Go to File manager
- Go to the public_html directory and find the .htaccess file. If the file doesn’t exist, create one – .htaccess file.
- Add this code to the file.
“order allow.deny
deny from all
allow from {Enter your IP address here}.”
- Click save
Create backup
When your website is backed up, you can compare details of the good backup files and new backups containing the malware. This way, you identify the malware faster.
- In the files section of cPanel, click on Backups
- Under “File backups,” click select
- Download all backup files
- Also, backup your WordPress database after the website backup is complete
- Click on show databases and select the one to download. Download.
Check for available backups.
Check your website host to see if your backup files are there. You can also do this before creating a backup manually, as most host platforms automatically back up data.
Change access keys and passwords.
Attackers mainly use brute force to crack the login details of website admins. When you change passwords, you slow their activities and put one more stumbling block for other security risks.
Update your WordPress
When your WordPress is outdated, your website is susceptible to hacks. Eliminate risks by constantly updating them.
Check for recent changes.
Every activity on a WordPress site is logged. Check for any suspicious activity.
Remove Symlinks
Symlinks are shortcut files that point to other directories. Hackers breach symlinks to access a site’s root directory.
Reset file and Folder permissions
When you suffer a website attack, reset all file and folder permissions to their default value.
Re-install WordPress Core Files
Now, to re-install WordPress, check if you still have access to your dashboard. If you do, go to “Updates” and click “Re-install now.” However, if you don’t have access to your WordPress dashboard, use an FTP client.
- Create an FTP connection
- Find the wp-content folder in your server’s root directory. Right-click and “download.”
- Visit your cPanel dashboard. Click the “Website” and “auto-installer” buttons. Choose the WordPress option you need and “overwrite existing files.”
- Return to the FTP client, and reload the directory. Then, upload the “wp-content” folder you downloaded before back to the root folder.
Compare Clean and Infected WordPress installations.
You can use your FTP client to compare the two folders. Pay attention to differences in the Javascript and PHP files – that’s where malware can be added.
Remove PHP files from uploads.
Remove PHP files from the ‘uploads’ folder, as they may be responsible for the breach on your site.
Find the backdoors in your files.
Backdoors are loopholes hackers put in your files to make your security system vulnerable. Hence, you must remove the infected files. Malware creating backdoor often look like core site files, so you must be careful. You’ll often find backdoor injection in the “uploads” folder, plugins, themes, etc.
Check the SQL database.
Malware injections can also affect the database. So, when you’re done cleaning your WordPress core files, check your database. Export your MySQL database files as .sql. You can do that with phpMyAdmin. You can do your inspection of the database file with Sublime Text Editor. Don’t delete any suspicious input yet. Go to the next step.
Review the code
Check for all the suspicious activities on every page and aspect of your website. Try to match the activities with the malicious codes you find in step 6 above. If they match, remove or reformat the content. You should also delete all spam messages you see.
Remove your site from blocklists.
When you’re done cleaning your website, remove your site address from Google’s blocklist. You can use Google Search Console for that. Go to the admin dashboard and click “Security & Manual actions,” then “Security issues.” Then, you can click on “I have fixed these issues.” Finally, “Request a review.”
Conclusion
If you don’t want to remove malware manually, you can use special WordPress plugins. If the problems persist, reach out to a professional malware removal service.
