Removing Malware from WordPress
Posted October 12, 2016 by Simon
In this blog post we will be looking at how to remove malware from your WordPress installation.
You can easily check if your WordPress site is infected by using an online scanner such as Securi’s site checker.
If you have identified that your site has been compromised, work through the steps below to repair your installation.
Scan your computer
Malware can find it’s way on to your site in a number of ways, one of which is through a virus on your machine that is passing on your ftp password. Scan your computer for any malware or infection using a good quality virus checker such as Malware Bytes or AVG.
Change your control panel and ftp passwords.
Once you have cleaned your computer, change the password for your Plesk or cPanel logins, and change your ftp password.
Download the latest version of WordPress
Download and extract the latest version of WordPress from the WordPress download page.
Clean up your infected WordPress site
FTP in to your site, into the install folder of your WordPress site. It should look like this:
Now, delete all of the files in here, except the wp-content folder and the wp-config.php file.
Drag the wp-config.php file to your desktop and open it up in your code editor. Check for any unusual code in here, particularly any long strings of random text. You can compare it to the wp-config-sample.php file in your fresh download of WordPress.
If you find anything that shouldn’t be there, make a back up of your sites wp-config.php file, then remove the unwanted code and upload the edited file back through FTP.
Next, open up the wp-content folder, which should look like this:
Open up the plugins folder, and make a list of the plugins that you are currently using.
Go back up a level to the wp-content folder, and delete the plugins folder and the index.php file.
You will need to re-install your sites plug-ins once you have completed the cleaning process.
Open up the themes folder, and remove any themes that you are not using.
If you have a clean backup of the theme that you use, then you can delete all of the themes in here. If not, you will need to go through every file in the theme looking for suspicious code.
Finally, check your uploads folder and delete any files ending .php, or any other files that you have not uploaded.
Upload the files from the WordPress that you downloaded earlier, and remember you will need to upload the themes also. Don’t overwrite the wp-config.php file.
Update your WordPress logins
You should be able to get in to the dashboard area of your site now. Login and change the admin password. Remove any other users. Remember to use a strong password generator!
Install your plugins
You’ll need to re-install the plugins you removed earlier, add them one at a time and check your site is functioning each time.
Clear the Google Warning
If your site has the “This site may harm your computer” warning, then login or create an account at Google Webmaster Tools. Add your site, and then click ‘health’, then ‘malware’, and then ‘request a review’. Google will check your site, and if it is now malware free they will remove the warning.