How to remove Malware from WP Website

by Niks24
15 replies

I have got 1 Wordpress website attacked by the malware, no I want to remove it. Please let me know what process I should follow to remove all the malwares from the Website.

Please help.
#malware #remove #website
  • Profile picture of the author Yvon Boulianne
    just sent you a pm
    Stop Struggling With Your Website and Marketing
    30$ / task, pay after done!
    {{ DiscussionBoard.errors[9765767].message }}
    • Profile picture of the author jbyte
      You can try something as simple as installing wordfence and scan the site.

      Also, you can take a backup of the database and uploads folder and delete all the files and reinstall wordpress and the database.

      I fix WordPress problems, PM me if you need help

      {{ DiscussionBoard.errors[9765806].message }}
  • Profile picture of the author jgjh151
    Securi scan too
    {{ DiscussionBoard.errors[9765829].message }}
  • Profile picture of the author kaufenpreis
    When working to clean your site there are a number of things you should know, I’ll wrap it into 4 key things:
    Use Live Scanners
    Default WP File Structure
    File Permissions
    Disabling Plugins
    {{ DiscussionBoard.errors[9768453].message }}
  • Profile picture of the author Darrenshome
    The best program to use (free for 30 days) is:


    Install it and run it on your server.

    This will certainly remove any malaware from your server!

    (I am NOT associated with this product in any way!)
    {{ DiscussionBoard.errors[9903146].message }}
  • Profile picture of the author clumsy
    What sort of malware do you have?

    You really should get a professional to have a look at the site if what you have on it is important.

    If you can live with losing some data, try restoring to an earlier point (restoring both, files and database).
    {{ DiscussionBoard.errors[9903976].message }}
  • Profile picture of the author 1SEOcom
    Depends on which malware we're talking about. Is this injected via Javascript? is it a code placed in the header? You need to find the issue and then you can go from there. Is Google or Bing telling you there is potential malware on your website?
    {{ DiscussionBoard.errors[9904280].message }}
  • Profile picture of the author javrsmith
    I use iThemes Security plugin and haven't had any more trouble. I had the same malware three times before I put this in.
    {{ DiscussionBoard.errors[9925885].message }}
  • Profile picture of the author dgently42
    Ouch. I feel for you. This can be super challenging, even for the most experienced devs... unfortunately...

    I had this problem a couple years ago where someone hacked my site and a few of the pages were installing malware on a visitors machine. And the worst was that I'd remove the hacked code and then a couple days later it would be back. I spent a long time working at it. Also got my hosting company to help out (Dreamhost is great for this).

    I think the problem was with the theme I was using - it had a vulnerability somewhere. In the end, I installed a new version of Wordpress from scratch, new theme (Thesis) and rebuilt the site, migrating the content. That worked.

    If you don't want to rebuild, try figuring what pages are compromised - (previously mentioned) is good. If you know PHP, you can go from there and try to figure out which PHP files were hacked. wp_functions.php is often attacked. But the root of the problem might require some intense analysys.

    Definitely contact your hosting provider. They should be able to help significantly. Some providers have code scanners that can identify hacked php files.

    You can also try making sure you have the latest and greatest versions of everything installed and remove suspect plugins. You can't always trust (ever?) plugin developers to write vulnerable-free code.

    Good luck!
    {{ DiscussionBoard.errors[9938116].message }}
    • Profile picture of the author Paul Guilfoyle
      Originally Posted by dgently42 View Post

      Ouch. I feel for you. This can be super challenging, even for the most experienced devs... unfortunately...

      I think the problem was with the theme I was using - it had a vulnerability somewhere. In the end, I installed a new version of Wordpress from scratch, new theme (Thesis) and rebuilt the site, migrating the content. That worked.

      Does it make sense to terminate an account then start from scratch create a new account for that domain at the host, new wp install then restore earlier backup pre hack. Will this get rid of any possible back doors?
      Thanks for any help. I am totally non techie.
      All best,

      Easiest, fastest way I know, and working for countless others to create an online income.
      Click Here to Watch Free Video and start learning how to really profit from the internet

      {{ DiscussionBoard.errors[9955229].message }}
      • Profile picture of the author dgently42
        Paul - I think it depends. In my case, had I restored a backup, my backup would have had the vulnerable code in it. It just wouldn't be compromised yet. And in my case, it would have been a matter of days before I was hacked again.

        The action plan I would suggest taking is:
        1. ensure wordpress and all plugins are up to date. Change your passwords.
        2. contact the hosting provider to see if they can help. Dreamhost, for example, has tools to tell you what php files have possibly been compromised or contain malicious code. And it's in heir best interest to help you out.
        3. if you are technical, do some digging, including analyzing php pages, checking modify timestamps. Ensure proper permissions on files, etc.. Remove injections if possible and see if they come back. Maybe reinstall wordpress over existing install ?... There are also some php scripts that can be run to do some analysis for suspicious code in your wordpress install...
        4. if not technical, consider hiring someone to help
        5. If all else fails, try a new install in new directory. Maybe new theme. export content from old and import into new.

        Feel free to PM me.
        {{ DiscussionBoard.errors[9955875].message }}
  • Profile picture of the author hostbrink
    Try to use sucuri, they will handle all process for you. otherwise it is very hectic task to clean all code and files from malware ... also strengthen security by changing all passwords .......... checkout your template or theme must not be nulled as it also attract malware and other hackers ...

    ▌▌ HostBrink - Reliable & Rock Solid Hosting (24 x 7)
    ▌▌ VPS Servers - (US OVZ | NL KVM | SG KVM)
    ▌▌ Dedicated Servers - (USA | Poland | Netherland | Ukraine)
    ▌▌Shared Hosting - DDOS Protected Lightning Fast
    ▌▌Payment Methods: Bitcoin, Paypal, Webmoney, Perfect Money

    {{ DiscussionBoard.errors[9955865].message }}
  • Profile picture of the author TeKn1qu3z
    There are more hijack codes and make sure to check the webmaster tools to findout more.

    Install fresh files from wordpress and copy only images to the image directory.

    Once my site was attacked and got several times attack in a serial way, consult to your hosting company too.
    {{ DiscussionBoard.errors[9955874].message }}
  • Profile picture of the author RobinInTexas
    All they have to do is add one php file to a site. They can later call that file and do just about anything they want on your site.
    If you have several websites within the same cPanel account, they can manage all the sites within that account. One carefully constructed file can allow a hacker to effectively run a file manager giving them complete control over your hosting account. [everything within one cPanel installation]


    ...Even if you're on the right track, you'll get run over if you just set there.
    {{ DiscussionBoard.errors[9959551].message }}
  • Profile picture of the author voldamort
    you can use the wordfence plugin it helps to remove it ....just go to wordpress and install plugin and run it will ask for api sometimes so register at there site and so it .....
    {{ DiscussionBoard.errors[9962599].message }}

Trending Topics