If it can happen to your computer occasionally, then it will certainly happen to your WordPress website, perhaps more often. Malware or other viruses and infections or cyber-attacks are a huge mess. Cleaning them us is often tedious too and disheartening. Still, we’re here to help you clean a WordPress malware infection in the simplest way possible.
It may not be as simple as say, cleaning a malware on your computer, but it has to be done– urgently. If left unchecked, a WordPress malware infection might wedge its way into other aspects of your online operation.
Make sure to follow these steps in order to make your website clean and good as new again once your security plugins start informing you of a problem they can no longer fix.
1. Check your computer first
You can skip this step or lower its priority on this list but it’s hard to take chances. Even if you clean your website of any WordPress malware infection but the source still remains on your computer, then it’s back to square one with you.
So fire up that antivirus and scan your computer. Sometimes you might need something stronger than a simple mainstream antivirus such as Malwarebytes. For a competitive sweep of your computer especially those using Windows, this malware removal Reddit thread has helped many people.
2. Backup your site
Now, on to your website. The first thing you’ll want to do for it is to back up the site files and database. A WordPress backup plugin should do the trick, you’ll also want a separate backup of the database using this method. If your web host’s site has a snapshot feature, then use that since it makes backing up more comprehensive.
If you don’t have those or can’t log in because of a dirty hack, then the web host’s File Manager can help you get a zip file of your wp-content folder which you can then download. It’s really important, however, that you are able to log back in as an admin for the backup, so as much as possible try persistently by following these steps to be able to log in.
3. Download and check the backup
Now that the daunting task of backup up your website is done, you’re now ready to assess the damage of the WordPress malware infection. Download the backup to your computer. First, you’ll want to compare the WordPress core files of your backup to the actual WordPress core files of a fresh download from WordPress.org. They should have the same contents.
Another folder you should keep tabs on is the wp-content folder; it should at least have three folders named themes, uploads, and plugins. If so, then the backup was a success. Additionally, you should also have an SQL file that is an export of your database and the wp-config.php file (the most important part of the backup).
4. Purge the directory folder
Now comes the cleaning part. Go back to the website files and locate the public_html folder (or the directory where you installed your WordPress website) in your site and open the public_html folder. Then, select everything except the cgi-bin folder or other server-related folders that are clean (you’ll know them when you see them) and delete them.
Your web host’s file manager can easily do this. Make sure not to omit the invisible files in the deletion process. The problem is if you have multiple websites, some of the infection might extend to them. If you suspect so, then do the same steps (2, 3, and 4) for them; back them up and then purge them.
5. Reinstall WordPress
After you’ve hopefully cleared the WordPress malware infection from the directory, you can now begin the repair process for your WordPress website. Simply use your web host’s control panel to reinstall WordPress in the public_html directory (assuming that’s the directory you’ve cleaned).
Once the installation is done, you’ll have to copy and paste the contents of the wp-config.php file in your backup to the wp-config.php file of the fresh WordPress installation. This will connect your new installation to the old database. You can just upload the backup wp-config.php file of the backup to replace the new one but there’s a chance it might not be clean so we don’t recommend that.
6. Change Passwords
Now that you can log in again, reset all the users and passwords of your website. If you see any users you don’t recognize or are suspicious, then the chances are, the WordPress malware infection compromised your database. you’ll certainly need a WordPress developer’s help to undo this as they can easily replace your database files and ensure no harmful unwanted codes are left behind.
However, if the damage is not that great after you’ve reset the users and passwords, then just proceed to Settings then Permalinks then click on Save Changes. On a final note, make sure to also reset all FTP and hosting account passwords too.
7. Reinstall add-ons
Now that your website and URL is operational again, it’s time to add back the themes and plugins. Install them from the WordPress repository as a fresh install. Avoid old plugins and themes especially those that are no longer maintained by their developers.
Do not upload your old plugins or themes from the backup as they might have been touched by the WordPress malware infection.
8. Surgically upload your images back
As for your old images files, it can get rather tricky. If there’s no other clean place where you can get them from, then you’ll have to check each and every one of their year/month folders them to see if they’re infected before you upload them back into your clean WordPress installation. Make sure to show the hidden files too.
One way to check if these year/month folders are infected is if they have anything else other than image format files. Any other kind of file could mean that the images inside the folder have been compromised or they need thorough cleansing. For the clean folders, you can safely upload them to the server.
9. Run your security plugins
When it comes to cleaning viruses or a WordPress malware infection, it’s better to be safe than sorry. So even if you’re sure that your fresh installation is pristine you might want to go the extra mile and sun your security plugins once more to scan the whole site.
There’s a plethora of them to choose from (though you might want to ditch the plugin which the malware managed to outsmart). At least the next time a WordPress malware infection happens, you’ll be more confident.