How to Remove Malware from WordPress Site

It is not an easy task to clean a hacked WordPress Site. But now, it has become more critical than ever to clean up the hacked site, as Google is now banning the site for 30 days in order to prevent the offenders from distributing Malware.

It is recommended to hire a professional WordPress Malware Removal Service as they have in-depth knowledge related to website security and vulnerabilities. But if you are going to attempt for its removal on your own, here are the steps I recommend:

STEP 1: Take Backup of your Database and files

·         Backup your full website using WordPress Backup Plugin or web host’s site snapshot feature.

·         If you are not able to login to the site, the hackers may have compromised the database, in such case, it becomes crucial to opt professionals for WordPress Malware Removal.

·         If you can log in, Go to Tools > and then Export (to export an XML file of your content)

Step2: Download the backup files and examine them

After taking the backup, download those files and double-click the zip files to open it. You should see:

·         Core Files of WordPress

·         The wp-content folder

·         The wp-config.php

·         The database

·         .htaccessfile

Step3: Delete the files available in thepublic_html folder:

After examining the backup files, you have a complete database of your website. Now delete all the files available in the thepublic_html folder except CGI-bin folder. To delete the files, use web host’s file manager as it is faster as compared to delete them using FTP.

Step4: Reinstall WordPress:

Reinstall WordPress in public_html directory, using one-click installer available in web hosting control panel. On the new installation of WordPress, edit wp-config.php file in order to use the credentials from your previous site.

Step 5: Reset all your passwords:

Login to your website and reset all your usernames & passwords. If there is any user that you don’t recognize, then your database has been compromised,and it is recommended to opt for WordPress malware removal services.


Step6: Reinstall Plugins and themes:

Reinstall all your plugins and themes from plugin developer but don’t install the old plugin and themes.

Step 7: Upload the images for Backup:

Now, this can be a tricky and tedious task. You need to copy all the old image files to the new wp-content upload folder. The tricky and tedious task in this is to check the image folder for every month and year and upload only the image files not PHP or java files as it may have the hacked files also.

Step 8: Scan your Computer System:

Scan it for viruses, trojans and other malware

Conclusion: The above steps can help you in removing malware from your WordPress website but it may be risky if you lose some data or site, so it is better to leave such things in the hands of professionals. Many professionals and companies remove malware from your Word Press site, and they do it without any loss of your information as they are experienced and have in-depth knowledge related to website security.