It’s not a matter of if your WordPress website will get hacked, but when. Hackers are constantly looking for vulnerabilities to exploit. If they can find an opening in your security, they will take advantage of it. That’s why it’s essential to be proactive about malware removal and prevention.
In this blog post, we will discuss how to remove malware from a WordPress website, either manually or with plugins. We will also talk about how to protect your website from future attacks.
How to remove malware from WordPress website manually
If you are a technical person and comfortable with code, you can remove malware from your WordPress website yourself. This method is for those familiar with WordPress and its directory structure.
1. Scan Your Website
The first step is to scan your website for malware. You can do this with Sucuri SiteCheck, a free website malware scanner that will check your site for malicious code, backdoors, and other security issues.
Once you’ve scanned your website, Sucuri will give you a report of any malicious code it finds. You can move on to the next step if there are infected files.
2. Back up your Whole Site.
It is essential to have a website backup before you make any changes. This way, if something goes wrong, you can always restore your website to its previous state.
There are many ways to back up your WordPress website. We recommend using a plugin like UpdraftPlus because it’s easy to use and automate.
Once you’ve installed the plugin, go to Settings > UpdraftPlus Backups and click the “Backup Now” button.
This will create a complete backup of your WordPress website. UpdraftPlus will save the backup files to your computer or a remote location like Dropbox, Google Drive, etc.
If you cannot log in to your WordPress dashboard, you can use FTP to download the backup files from your server. To download the WordPress files, go to the file manager from your cPanel, click on the public_html folder, and select all the files. Right-click on the desired files and choose “Compress.”
After compressing the WordPress files, a ZIP file will be created. Download this file to your computer and unzip it.
We also recommend that you back up your WordPress database. You can do this with phpMyAdmin.
Log into your cPanel and scroll down to the “Databases” section. Click on phpMyAdmin.
In phpMyAdmin, select your WordPress database from the left-hand sidebar. Then, click the “Export” button at the top of the page.
On the next screen, select the “Quick” export method and click the “Go” button.
Your WordPress database will now be downloaded to your computer as a .sql file.
Now that you have your WordPress files and database backups, you can remove the malware.
3. Reinstall Theme & Plugins
If you installed a theme or plugin from an untrustworthy source, it’s possible that the malware was injected into those files. The best way to remove any malicious code is to delete the theme/plugin and then reinstall it from a trusted source.
For themes, go to Appearance > Themes and delete the theme that you think may be infected. Then, reinstall it from the WordPress.org theme directory or another trusted source.
To delete a plugin, go to Plugins > Installed Plugins and deactivate the plugin. Then, click the “Delete” link under the plugin name. After that, you can install it again from the WordPress.org plugin directory or another trusted source.
Once you’ve reinstalled the theme/plugin, check your website with Sucuri SiteCheck to ensure the malware has been removed.
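Before deleting a suspect theme or plugin, you can see exactly which files were tampered with by comparing the copy in your step 2 backup against a fresh download from the trusted source. The following is an added example, not part of the original post: the directory names and file contents are constructed, and it assumes the clean copy is the same version as the installed one.

```python
import hashlib
import os
import tempfile

def hash_tree(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as f:
                digests[rel] = hashlib.sha256(f.read()).hexdigest()
    return digests

def compare_to_clean(installed_dir, clean_dir):
    """Report files that differ from, were added to, or are missing from the clean copy."""
    installed, clean = hash_tree(installed_dir), hash_tree(clean_dir)
    return {
        "modified": sorted(p for p in installed if p in clean and installed[p] != clean[p]),
        "added": sorted(p for p in installed if p not in clean),
        "missing": sorted(p for p in clean if p not in installed),
    }

def build_demo():
    """Constructed sample: a clean 'sample-plugin' and a tampered copy from a backup."""
    base = tempfile.mkdtemp()
    clean = os.path.join(base, "clean", "sample-plugin")
    backup = os.path.join(base, "backup", "sample-plugin")
    shipped = {"sample-plugin.php": "<?php // main file\n",
               "inc/helpers.php": "<?php // helpers\n",
               "readme.txt": "Sample plugin\n"}
    for root in (clean, backup):
        for rel, body in shipped.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as f:
                f.write(body)
    # Simulate tampering in the backup copy only (harmless placeholder text).
    with open(os.path.join(backup, "inc/helpers.php"), "a") as f:
        f.write("// placeholder for injected code\n")
    with open(os.path.join(backup, "inc/cache.php"), "w") as f:
        f.write("<?php // file the vendor never shipped\n")
    os.remove(os.path.join(backup, "readme.txt"))
    return backup, clean

if __name__ == "__main__":
    backup_dir, clean_dir = build_demo()
    for kind, paths in compare_to_clean(backup_dir, clean_dir).items():
        print(f"{kind}: {paths}")
```

Files listed under "modified" or "added" are the ones to inspect; a version mismatch between the two copies will also show up as modified files, so confirm the versions match first.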
4. Change Password
If you think your WordPress password has been compromised, changing it is a good idea. To do this, log into your WordPress dashboard and go to Users > Your Profile.
Scroll to the “Account Management” section and click the “Generate Password” button.
Enter your new password twice and click the “Update Profile” button.
When changing your password, be sure to use a strong password that contains uppercase and lowercase letters, numbers, and special characters.
5. Scan your PC with Antivirus Software.
If your computer is infected with malware, you should scan it with an antivirus program. We recommend using the accessible version of Malwarebytes.
Once you’ve downloaded and installed Malwarebytes, run a full scan of your computer. If any malicious files are found, they will be quarantined and removed.
After scanning your computer, check your WordPress website with Sucuri SiteCheck to ensure the malware has been removed.
How to remove malware using a Plugin
If you don’t feel comfortable removing the malware yourself, then you can use a plugin like Malwarebytes Anti-Malware. This plugin will scan your WordPress website for malware and remove it automatically.
Sucuri
Sucuri is a free WordPress security plugin that will scan your website for malware and remove it automatically. To use Sucuri, install and activate the plugin. Then, go to Sucuri > Scan Website.
Click the “Scan Now” button to start the scan. Once the scan is complete, you will see a list of any malicious files found on your website.
Click the “Delete” button next to each file to remove it from your server.
Wordfence Security
Wordfence Security is another free WordPress security plugin that can scan for and remove malware from your website. To use Wordfence Security, install and activate the plugin. Then, go to Wordfence > Scanner in your WordPress dashboard.
Click the “Start a New Scan” button.
On the next screen, select the type of scan you want to perform and click the “Scan Now” control.
Once the scan is complete, you will see a list of any malicious files found on your website. Click the “Delete” link next to each file to remove it from your server.
All-in-One WP Security
All-in-One WP Security is a free WordPress security plugin that can scan for and remove malware from your website. To use All in One WP Security, install and activate the plugin. Then, go to AIOWPS > Malware Scan in your WordPress dashboard.
Click the “Scan Now” button to start the scan. Once the scan is complete, you will see a list of any malicious files found on your website.
Click the “Delete” button next to each file to remove it from your server.
How to protect your WordPress website from malware attacks in the future
1. Keep your site up to date.
One of the best ways to protect your WordPress website from malware is to keep it up to date. WordPress releases new updates regularly, which include security fixes for vulnerabilities that hackers could exploit.
To update WordPress, log in to your dashboard and go to Updates in the left-hand sidebar. If a new version of WordPress is available, you will see a notice at the top of the page.
Click the “Update Now” button to update WordPress.
2. Secure your Login Page
One of the most common ways hackers gain access to WordPress websites is by brute-forcing the login page. You can use a plugin like All in One WP Security to secure your login page.
Once you’ve installed and activated the plugin, go to AIOWPS > User Accounts in your WordPress dashboard. Then, scroll down to the “Brute Force Protection” section and check the box next to “Enable Login Lockdown.”
This will prevent hackers from brute-forcing their way into your WordPress website.
3. Regular Backup of your website
Back up your website at regular intervals so that if anything goes wrong, you have a backup to restore it from.
You can use a WordPress plugin like UpdraftPlus to create automatic website backups.
To set up automatic backups, install and activate the plugin. Then, go to Settings > UpdraftPlus Backups in your WordPress dashboard.
Under the “Settings” tab, you can choose how often you want backups to be created, where you want them to be stored, and what type of files you wish to include in the backup.
Once you’ve made your selections, click the “Save Changes” button.
UpdraftPlus will now automatically create backups of your WordPress website according to the schedule that you’ve set.
4. Install a Security Plugin
Another way to protect your WordPress website from malware is to install a security plugin. There are many different security plugins available for WordPress, but we recommend choosing one that includes features like malware scanning and firewall protection.
Wrapping Up
We hope this article has helped you learn how to remove malware from a WordPress website. You may also want to check out our guide on securing a WordPress website.
Do you have any questions?
Let us know in the comments below!
Md Alinoor is a website developer and SEO content marketer. He launched his blog to teach everyone from bloggers to small business owners how to make their websites without having to learn code. You can follow him on LinkedIn, Instagram, and Facebook.