Knowing how to scan and remove malware from a WordPress website is crucial for webmasters. WordPress is susceptible to malware due to its large user base of beginners. This article explains what malware is, signs of infection, and steps to manually scan and remove malware. Backing up, scanning with antivirus software, deleting infected files, resetting passwords, and reinstalling plugins and themes are key steps. Using security plugins like Sucuri can simplify the process. Additionally, steps to remove warning labels from Google search results are provided. By following these steps, website owners can effectively remove malware and prevent future threats.
Knowing how to scan WordPress for malware and remove them from your website is a skill every webmaster should have. In particular, the WordPress platform is highly susceptible to malware infection because it is a large platform, and users are often newbies with little knowledge about virus prevention.
If you are about to create a WordPress website, read this article to gain some knowledge about malware in WordPress.
If your website has been infected with malware, don’t worry, after reading this article you can rest assured and confidently continue operating your WordPress website. This article will show you the simplest and most effective way to scan WordPress for malware. We will then proceed to remove that malicious code from your website. But first, let’s find out what malware is?
What is Malware?
Malware is the English word for malicious software or malicious code. It is a general term for malicious programs and files that can compromise the system. Malicious code can damage computers, servers, networks, and websites. There are many types of malware such as viruses, worms, trojans, and spyware. In particular, they can compromise sensitive data, such as users’ personal information. Therefore, please pay attention to website security.
Signs that a website is infected with malware:
- The site has had unwanted changes to its content: the addition of facts or the deletion of information without your permission.
- Spam, whether in the form of emails or suspicious links spread from your website.
- Your URL will redirect to untrustworthy websites, deceptive ads, inappropriate, and malicious content.
- Server resource consumption increased dramatically.
- Google will mark your site as unsafe in browsers and search results.
- Negative impact on SEO (Your SEO score will not be high).
If you encounter the above situations, you need to quickly scan your WordPress website for malicious code and remove them from the website immediately!
How to manually scan WordPress for malware
The manual method can be time-consuming and require more technical knowledge, but it can give you detailed information about where the attack occurred. If you want to use a simpler alternative to remove malware from your WordPress site, use a security plugin.
Steps to remove and scan WordPress malware:
1. Download a backup of your website
Always backup before adjusting important website files.
There are two ways to do this. If you cannot log in to your WordPress admin page, you can save a copy of the folder public_html of the website through file manager or FTP client.
- File manager – right-click on the folder public_html and choose compress. Compress. Once done, save it to your computer by right-clicking and downloading.
- FTP – go to Site Manager -> Connect and then download the folder using the same method as used above. The only difference is that you will need to use an FTP client like FileZilla.
If you still have access to your website, you can use plugins like UpdraftPlus, Backup Buddy or VaultPress to save time.
Last but not least, keep a backup database Yours is stored locally.
2. Scan WordPress website for malware on your computer
We recommend that you download the backup using an FTP application or file manager and then check the website for malware with antivirus software.
Use anti-virus and Malware scanning systems such as Windows Defender, Kaspersky or MalwareBytes to identify malicious code. If the scan is successful, it will help you find malicious code and remove it from your website. Then upload this new website version to hosting.
3. Remove Malware infection
There are several actions you can take to remove Malware from your WordPress site. First, you need to access your website’s files via FTP or file manager.
Delete every file and folder in your website directory except wp-config.php and wp-content.
Then open wp-config.php and compare its contents with the same file from a new installation or wp-config-sample.php can be found on WordPress GitHub repository. Look for long, strange or suspicious code snippets and remove them. You should also change the database password after checking the file.
Next, go to the folder wp-content and perform actions on these folders:
- plugins – list all your installed plugins and delete the subfolder. You can then download and reinstall them. Be careful not to download pirated plugins or of unknown origin on the Internet.
- themes. themes – delete everything except your current themes and check for suspicious code, or just delete the directory completely if you’re sure you have a clean backup or don’t mind reinstalling.
- uploads – check if there are any files uploaded that are not yours
- index.php – after you have deleted the plugins, delete this file.
4. Use the latest WordPress source code to re-upload to the website
Download the source code WordPress root and upload to your website via FTP or file manager.
Go file manager press Upload Files and find the WordPress zip file. Once the upload is complete, right-click or button Extract and enter a folder name to specify the save location. Copy everything other than the file into the zip public_html.
Alternatively, you can use the one-click installer and edit the database login information in the file. wp-config.php to properly configure the database.
5. Reset WordPress password
If your website is managed by multiple people, the attack may have occurred through one of their accounts. You should reset the password log out of any accounts, and check for any inactive or suspicious user accounts that need to be deleted.
Change passwords to long, random strings that are impenetrable to attacks. You can use the tool create password.
6. Reinstall Plugins and Themes
Now that you have removed the Malware from your WordPress site, reinstall all the removed plugins and themes you have. However, be sure to remove old and no longer maintained plugins.
We recommend installing security plugins that can protect your WordPress site and easily remove malware in the future. Use one of several proven plugins like MalCare, WordFence or Sucuri.
How to remove and scan WordPress malware using plugins
If you want a faster way to scan your WordPress website for malware, you can use a WordPress security plugin.
With this article, we will demonstrate how to remove malware from a WordPress website using Sucuri. But first let’s look at the features of the Sucuri malware removal plugin:
- Scan WordPress malware from the server side (premium version) and remotely (free version). The free version only detects on-site Malware while the premium version can check the back-end of your website.
- Detects compromised WordPress files in your system and replaces infected files with their original copies.
- Run anti-virus software and check whether your website database is blacklisted or not.
- Enhance your website’s security to prevent Malware attacks.
- Notify you whenever signs of Malware activity are detected.
- Set up a firewall on your website (premium version).
You can download Sucuri from WordPress plugin repository.
Once installed, you need to visit the plugin’s page and Generate API key to fully activate the plugin’s features.
Once your site has been integrated with Sucuri’s API service, go to the page Dashboard -> Refresh Malware Scan. It will display the file log with any suspicious files flagged. For this tutorial, we have added suspicious code to the file index.php Go to the test site.
After running the scan, the file was flagged. You can select it and perform any action you want.
Remove malicious warnings on Google search results
Even though the Malware has been removed from your WordPress site, you still need to ask Google to remove the site’s warning label:
- Visit Google Search Console and register your website. Skip to step three if you already have an account.
- Then verify it using the prefix Domain or URL prefix.
- Scroll down to find Security & Manual Actions on the left tab. Click to display the drop-down list and select Security Issues.
- You will see a report about your website security, from which you can choose Request a review(request review).
You must check that your friend has successfully removed the Malware from your WordPress site before sending the request. Otherwise, it will be marked as repeat offender (Recidivist), and you will not be able to request a reconsideration for 30 days.
Conclude
Malware can be a huge problem that takes away all the credibility and trust of your WordPress site and affects you and your users. While looking at how to remove malware from a WordPress website, we showed you two methods:
To remove and scan malware from WordPress, you need to do:
- Back up your website to your computer.
- Use antivirus software and scan that WordPress backup.
- Remove Malware by tweaking your WordPress files and deleting old, suspicious, and detected files.
- Reset all user passwords and check for suspicious accounts.
- Reinstall plugins and themes.
Or you can use plugins to scan WordPress for malware to improve your site’s security. Additionally, we’ve also shown you how to remove warning labels that Google may place on your site. With these actions, hopefully, you can restore your WordPress site as soon as possible and prevent future threats.
