In this article we’ll be talking through how to remove malware from a wordpress installation.
Step 1 – Scan your PC
There’s multiple ways malware can get onto your website, but one of the first places to check is your own PC. Make sure there’s no dodgy software installed and then proceed with your cleanup.
Step 2 – Scan your wordpress installation
Using a plugin such as wordfence, or an external wordpress scanning tool scan your site to flag up any rouge files, make a note of these files ready for the next step.
Step 3 – Delete malicious files.
For this step we need to be careful to make sure we don’t delete anything we want to keep. It can be helpful to download a fresh copy of wordpress and compare your hacked install to the fresh download, just so you can compare files. Malicious code is often quite hard to read but at the same time quite easy to spot if you know what your looking for(often huge strings of code that don’t seem to make much sense). Go through the effected files and delete the malicious code, there could also be new malicious files, make sure these are deleted too.
Step 4 – Rescan
The next step is to rescan your wordpress install to make sure everything is clean. If so, great. If not go back to the previous step and check the files again.
Step 5 – Make sure the wordpress install and plugins are up to date
This step is a pretty easy one, but essential. Most hacks come from outdated installations or plugins in our experience. Make sure your running the latest releases at all times to stop your site being hacked again.
Step 6 – Change passwords
Change all passwords for your WordPress users(if possible), your cPanel, Plesk or other control panel passwords as well as any MySQL and FTP passwords.