Steps to Remove Malware from Your WordPress Site
July 15. 2019
Owning and handling a WordPress website is perhaps the easiest way to deal with the online presence of your business. After all, there is a good reason that countless website owners choose WordPress as the preferred platform for their site. It is both easy to use and immensely practical and convenient. Nevertheless. there are times when even undemanding platforms can have some issues – for instance, malware problems. Naturally, you would want to remove malware from your WordPress site as soon as possible, but this could turn out to be a bit more complex than you first imagined. Let us see what having WordPress malware issues requires you to do.
Before you try to remove malware from your WordPress website
Before you start attempting to deal with a hacked WordPress website, you should do some serious thinking. The reason is simple – to remove malware from your WordPress website is anything but easy. It is therefore highly recommended that you try finding skilled website maintenance professionals to clean your site for you. Needless to say, professionals will be far more successful in handling these type of problems than you might be. There’s really no reason to take any risks here. And finding experienced and reliable professionals is easier than you might think.
If you, however, want to make an attempt of handling malware situation by yourself, you can do it in just several steps. Try to stay focused the entire time and if it seems like you are in over your head – there are always ways skilled developers at WP Full Care can help you out.
Disable your website and block it all
If you want to deal with a hacked website properly, you want to disable it first. This will both prevent your website from being viewed while infected and stop any further damage by anyone trying to harm your site. Also, this step will help your website’s and your brand’s reputation. You want to deal with issues such as this one quickly and unnoticed.
Backup everything
Next thing you should do is a complete backup of your entire site. This is one of the crucial steps when trying to remove malware from your WordPress site. If you can, try using a WordPress backup plugin. In case any logging in problems, it is possible that your database has been compromised. This might be a perfect time to contact professionals and let them handle this. If you are able to login you should also use Tools > Export. If you have multiple installs of WordPress on the server, this means you should back up every one of them separately.
Identify the malware issue
Identifying the real cause of the problem must be the most challenging part of every attempt to remove malware from your WordPress site. It depends on many factors, most important being your technical aptitude and how well you understand this particular issue. Identifying the cause of your malware problems is vital because you don’t want to, for instance, reinstall that very same plugin that made your website vulnerable in the first place. Repeating the same mistakes is not the way to use all the benefits of having a WordPress website. What can you do:
- You’ve done the backup – now inspect it for any hacked files.
- You can perform a Google search on specific phrases or file names.
- Old plugins and themes might be the cause of your malware problems – inspect the plugins you used on your website. It is not uncommon for websites to be hacked using common, known vulnerabilities.
Delete the files in your public_html folder
You’ve done a complete backup of your WordPress website, now it’s time to get rid of the files in your public_html folder (with the exception of the cgi-bin folder). For this purpose, you could use the web host’s File Manager. Note this: having other websites on the same account means they have all probably been infected as well. Do backups for all of your sites and download them.
Reinstall your WordPress
You can then reinstall WordPress in the public_html directory, provided that it was its original location – or in the subdirectory (if an add-on domain was where WordPress was installed). You can do this by using the one-click installer in your web hosting control panel. After this is done, you should then edit the wp-config.php file on the new WordPress to use the database credentials from the old site. This connects the new installation to the old database.
Steps to take after you manage to reinstall WordPress
If you’ve managed to successfully complete all of the abovementioned steps, you still need several more to be able to say that you’ve managed to remove malware from your WordPress site. These steps might seem much easier, but they still require your utmost attention. Also, note that some of them, especially uploading your images from backup, can be quite tiresome and time-consuming. So, after clearing and re-installing your WordPress website, you should:
- Reset passwords and permalinks
- Reinstall plugins
- Reinstall themes
- Upload your images from the backup
- Scan your entire computer
Final thoughts
As you can see, if you are not skilled or experienced in this type of activities – perhaps leaving it to someone who knows what they are doing is the best option. But if you know your way around WordPress and computers – then go for it. Just remember, backing up your website and everything on it is the crucial step when trying to remove malware from your site. You want to avoid any risks to the content of your website, so be patient and careful throughout this entire process.