WordPress has become one of the most widely used tools for building websites, thanks to the large number of templates and plugins it offers, which allow practically anything to be done.
According to the WordPress web development company, cleaning a hacked WordPress site is not an easy task. The security of a WordPress site is not to be taken lightly. Being hacked can happen to anyone.
Symptoms of Malware on a WordPress Website
- Your WordPress website is redirected.
- Browser throws a malware or site attack warning when you try to visit that URL.
- You receive a Google Search Console message saying your website is hacked or has malware.
- Your web-host blocks your account.
- Strange URLs loading in the browser status bar when loading your website.
Now let us go through the step-by-step process to remove malware from your WordPress website.
Step #1: Backup the Site Files and Database
Back up your full website, using the web host’s site snapshot feature if you can. Be prepared for the download to take time because it might be quite large.
Alternatively, log in and use a WordPress backup plugin. If you can’t log in, the hackers may have compromised the database, in which case you can use WordPress Fortify. In addition to the above steps, make a separate backup of the database.
The wp-content folder is the most important folder on your server. Some sites are quite large, so if you can’t run a backup plugin and your web host doesn’t have a “snapshots” feature, you can use the web host’s File Manager to make a zip archive of your wp-content folder and then download that zip file.
Step #2: Download and Take the Backup Files
Once the site is backed up, download the backup to your computer and open the zip file. You should see:
- All the WordPress Core files – You can download WordPress from WordPress.org and check out the files in the download and match them to your own. You may want them for your investigation into the hack later.
- The wp-config.php file – This contains the name, username, and password to your WordPress database which will be used in the restore process.
- .htaccess file – This will be invisible. To know whether you backed it up, view your backup folder using an FTP program or code editing application (like Brackets).
- The wp-content folder – You should see at least three folders: themes, uploads, and plugins. If you see your theme, plugins, and uploaded images then that’s a good sign you have a good backup of your site.
- The database – You should have an SQL file that is an export of your database.
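To make the core-file comparison from the first bullet repeatable, the following added example (not part of the original article) hashes every file outside wp-content in the backup and in a fresh WordPress.org download. It assumes the download is the same WordPress version as the backed-up site; the function names and the sample trees are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

SITE_SPECIFIC = {"wp-config.php", ".htaccess"}  # exist only on the live site

def core_hashes(root):
    """Map relative path -> SHA-256 for every file outside wp-content."""
    hashes = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            rel = Path(folder, name).relative_to(root)
            if rel.parts[0] != "wp-content":
                hashes[rel.as_posix()] = hashlib.sha256(Path(root, rel).read_bytes()).hexdigest()
    return hashes

def compare_core(backup_root, reference_root):
    """Sort backup files into buckets by comparing against a clean download."""
    backup, ref = core_hashes(backup_root), core_hashes(reference_root)
    report = {"modified": [], "extra": [], "site_specific": []}
    for rel, digest in sorted(backup.items()):
        if rel in SITE_SPECIFIC:
            report["site_specific"].append(rel)  # review by hand
        elif rel not in ref:
            report["extra"].append(rel)          # not shipped by WordPress
        elif ref[rel] != digest:
            report["modified"].append(rel)       # differs from the release
    report["missing"] = sorted(set(ref) - set(backup))
    return report

def build_demo(tmp):
    """Constructed sample trees: a clean reference and a tampered backup."""
    clean = {"index.php": "<?php // front controller",
             "wp-admin/admin.php": "<?php // admin bootstrap"}
    tampered = {**clean, "index.php": "<?php /* injected */",
                "wp-includes/cache-tmp.php": "<?php // unknown file",
                "wp-config.php": "<?php // database settings",
                "wp-content/uploads/logo.png": "skipped by core_hashes"}
    for name, tree in (("reference", clean), ("backup", tampered)):
        for rel, text in tree.items():
            path = Path(tmp, name, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(text)
    return Path(tmp, "backup"), Path(tmp, "reference")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(compare_core(*build_demo(tmp)))
```

Anything listed under "modified" or "extra" inside wp-admin or wp-includes is worth keeping for the later investigation into the hack, since a stock install never changes those files.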
Step #3: Delete All Files in the public_html folder
After verifying the backup, delete all the files in your public_html folder except the cgi-bin folder and any server-related folders that are clearly free of hacked files. Be sure to view invisible files so that you delete any compromised .htaccess files as well.
If you have other sites that you are hosting on the same account, they may be infected because cross infection is common. Therefore, you must clean ALL the sites, so back them all up, download the backups, and do the following steps for each one.
Step #4: Reinstall WordPress
Reinstall WordPress in the public_html directory if this was the original location of the WordPress install or in the subdirectory if WordPress was installed in an add-on domain.
Referring to the backup of your site, edit the wp-config.php file on the new install of WordPress to use the database credentials from your former site. This will connect the new WordPress installation to the old database.
Step #5: Reset Passwords and Permalinks
Log in to your site and reset all your user names and passwords. If you see any new users you don’t recognize, your database has been compromised, and you need to contact a professional to make sure no unwanted code has been left in your database.
Go to Settings > Permalinks and click Save Changes. This will restore your .htaccess file, so your site URLs will work again. Be sure that when you deleted files on your server you showed invisible files, so you didn’t leave any hacked .htaccess files behind. Be sure to reset all FTP and hosting account passwords as well.
Step #6: Reinstall Plugins
Reinstall all your plugins from the WordPress repository or from fresh downloads from the premium plugin developer. Do not install old plugins or plugins that are no longer maintained.
Step #7: Reinstall Themes
Now reinstall your theme from a fresh download. If you customized your theme files, refer to your backup files and apply the changes to the fresh copy. Do not go for your old theme, as its files may have been hacked.
Step #8: Upload Images from the Backup
You need to get your old image files copied back up to the new wp-content > uploads folder on the server. Because you don’t want to copy any hacked files in the process, you will need to carefully examine each and every year/month folder in your backup and make sure there are ONLY image files.
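The folder-by-folder check can be scripted. This added example (not from the original article) walks the backed-up uploads folder and flags anything that is not an image by extension, whose content does not start like the image type its name claims, or that carries a PHP opening tag. It assumes only JPEG, PNG and GIF uploads are expected; the function names and sample files are constructed.

```python
import os
import tempfile
from pathlib import Path

# Leading bytes that genuine files of each type start with.
MAGIC = {".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
         ".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a")}

def check_upload(path):
    """Return why a file should not be restored, or None if it looks fine."""
    ext = path.suffix.lower()
    if ext not in MAGIC:
        return "not an image extension"
    data = path.read_bytes()
    if not data.startswith(MAGIC[ext]):
        return "content does not match extension"
    if b"<?php" in data.lower():  # script hidden in metadata or appended
        return "PHP code inside image"
    return None

def scan_uploads(uploads_root):
    """Walk every year/month folder and list the files that fail a check."""
    findings = []
    for folder, _dirs, files in os.walk(uploads_root):
        for name in files:
            path = Path(folder, name)
            reason = check_upload(path)
            if reason:
                findings.append((path.relative_to(uploads_root).as_posix(), reason))
    return sorted(findings)

def build_demo(tmp):
    """Constructed uploads tree; the byte strings are minimal stand-ins."""
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    files = {"2023/04/logo.png": png,
             "2023/04/banner.jpg": b"<?php // renamed script",
             "2023/05/photo.png": png + b"<?php // appended",
             "2023/05/cache.php": b"<?php // plain script",
             "2023/05/.htaccess": b"# constructed placeholder"}
    for rel, data in files.items():
        path = Path(tmp, "uploads", rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    return Path(tmp, "uploads")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, reason in scan_uploads(build_demo(tmp)):
            print(f"{rel}: {reason}")
```

A clean result only means these three checks passed; it does not replace looking through the folders, and sites that legitimately upload other file types need matching entries added to `MAGIC`.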
Step #9: Scan Your Computer and Website
Scan your computer for viruses, trojans, and malware.
Step #10: Install and Run Security Plugins
Install and activate the Shield WordPress Security plugin. Check through all its settings. Running the Audit feature for a few months to keep track of all activity on the site will help you.
Run the Anti-Malware Security and Firewall plugin and scan the site thoroughly to make sure you didn’t miss anything. You don’t need two firewall plugins running, so deactivate the Anti-Malware plugin after you’ve verified the clean site. Shield will notify you in the future if any core files have changed.
You will have to be patient and careful with all the WordPress malware removal steps explained here until your website is clean and operational again.
It is also true that sometimes these steps may not achieve a complete cleaning, and you will have to contact a web design company to bring in more artillery and a deeper magnifying glass to find where the problem is.