Malware attack is an infamous word for WordPress users. Removing malware from a WordPress site is no easy task. In this article, we will describe the WordPress malware removal guide.
Table of Contents
What is WordPress malware?
WordPress malware is a piece of code that is designed to infect and harm WordPress sites. WordPress sites can easily be affected by malware due to inadequate security. The most common way WordPress sites get infected with malware is through weak themes and plugins WordPress malware mostly steals sensitive data or is adware. A WordPress malware removal guide is an essential document for a WordPress admin.
The situation of the affected site
Before you get into the WordPress malware removal guide we have to check the situation of the affected website. In this case, we will divide the situation into two sections:
- Admin can’t log in or the whole data is encrypted: In this situation, we highly recommend contacting us RedNode. Because maybe the site has been infected by ransomware or the site has been infected by rootkits. In any mistake steps the whole data can be erased. It’s safe to leave it to an expert. RedNode is fixing WordPress websites for more than 10 years.
- Admin can log in and the data is not encrypted: This is a common situation after a malware attack. There is nothing to be afraid of. If you take every step carefully then you get back your website as before fresh and clean. To remove malware follow the bellow WordPress malware removal guide.
WordPress malware removal guide
We will complete the WordPress malware removal guide in 8 steps. Here are they:
1. Backup the site files and database:
This is the easiest but most time-consuming step of the WordPress malware removal guide.
- Go to your server’s admin panel and back up the whole site. Make an additional backup of your database. Some sites can be large and take time to back up. The wp-content is the most important folder to back up. It contains all the uploads.
- Note about .htaccess files: Make a backup of your
.htaccessfile and download it. It’s an invisible file, so you’ll only see it in the web host’s file manager if you choose to show invisible when you launch the file manager. Rename this file to remove the period in the beginning so that you can see it on your computer, otherwise, it will disappear on your computer as well. Then download it. You may need to back up your
.htaccessfile if it contains content you need to copy back to your clean site. Some hosts use .htaccess to determine the PHP version you are using, so the site will not work properly without it. Sometimes for SEO purposes, peoples redirect the .htaccess file. Also, the .htaccess file can be hacked, so you’ll want to check that later. Having a backup problem with the website Follow here. → How to back up a WordPress website.
2. Download and Examine the backup files
This is the most important step of the WordPress malware removal guide as in this step we are going to remove the malware.
- Download the backup into your computer and open the wp-config.php file from the backup folders. It contains all your passwords, usernames, and keys from your database. Collect those keys, passwords, and usernames manually. Save it in a notepad. Remember these usernames, passwords, and sensitive keys are case-sensitive.
- .htaccess file will be invisible turn on the “see invisible files” from your file managers options. Now download WordPress again from wordpress.org. Open the .htaccess file from the fresh WordPress and compare it with your backup’s .htaccess file to see any changes. Then replace it with the new .htaccess file. It’s better to take the help of a developer or just contact with RedNode.
- Open the wp-content folder ignore everything go to wp-uploads now examine all the important uploads and see any suspicious files. You can examine it with a good scanner or ask RedNode. Just keep the important uploaded files.
- Now match your backup core word press files with the newly fresh downloaded WordPress files. See if you find any mismatch. The best thing will be to remove them from the backup. Don’t delete those core files just use the cut tool to move them to another folder. They will be important to investigate the hack.
3. Bringing the website back to live again
This is the last step of the WordPress malware removal guide. Here:
- Delete all the files in the public_html folder from your server.
- Reinstall WordPress, themes, and plugins on your website again. Note download themes and plugins from the original website and store.
- Now reset the passwords, usernames, and keys as found in your wp-config file. Also, update the permalinks on your website.
- Upload all the data you sanitize from the previous backup.
- Scan your computer. It could be that malware infected your computer from the backups. It is not so rare. So, scan and secure your computer too.
- Finally, browse and use every functionality of your website to check if there is any glitch. If you found any gitch it’s better to contact us asap.
WordPress malware removal can be a bone-shaking task. It is easy to get infected by one but very hard to remove one. You can try to follow the above WordPress malware removal guide to remove malware from your website. It is the best and easiest guide to remove WordPress malware. It’s not always possible for a website admin to remove malware by him/herself. It is better to let an expert handle it. RedNode has more than 10-year experience in this field. You can contact RedNode for help and service.