How to Remove Malware From My WordPress Site

After facing the issue of malware in my own WordPress website How2shout.com, I am writing this article. I got a Google mail in which Google has submitted a report of having a malware on my website. It was shocking and I instantly search for some plugin to remove malware. How2shout already have All in One security plugin and cloud flare firewall, but somehow malware comes in the website. It may be due to some unknown plugin installation.  I have tried out certain steps to remove malware from my WordPress website and now I want to share it with everyone.

First of all, we need to know that really our WordPress has any malware. Malware can be entered in WordPress if you have uploaded some files from an infected computer using FTP, due to some nulled or cracked plugins etc.

Step 1: How to find malware on WordPress site

How to find out that you have malware on the website, the plugin which used by me is Sucuri Security plugin. It allows you to scan the whole website to find out whether it infected or not. Also, there is another plugin called Anti-Malware Security and Brute-Force Firewall. This Anti-Malware scanner plugin scans WordPress website to Remove Malware, Viruses, and other security threats. It also scans other  vulnerabilities resides on your server and helps you to fix them.

Step 2: First of  Clean Your Computer

There are some chances that the computer you are using to operate FTP for WordPress website might be infected. Maybe there is some virus that sending your password info to hackers. So install some good antivirus and clean your computer.

Step 2: Increase the complexity of cPanel/FTP Password

Before removing malware from WordPress website change the cPanle or FTP password.  We performing this to ensure that the hacker doesn’t have our password.

Step 3: Login to cPanel or FTP

Now login to your hosting cPanel/FTP and open the file manager to see all files and folder of WordPress.

Step 4: Downloading the new WordPress

Open a new tab and download the fresh copy of WordPress from their official website.

Step 5 : Remove Malware from WordPress

We don’t know which file exactly contain the malware. So, select and delete all files & folders except the wp-content folder, and the wp-config.php file. The wp-content folder contains all your plugins, themes, and images whereas wp-config.php is for database configuration. Don’t delete the red marked file and folder shown in the screenshot.

After deleting all other files the folder contains theses two items:

wp-content
wp-config.php

Step 5: See wp-config.php file

Now edit the wp-config.php file and look for any strange code or script. You can compare the wp-config.php file with wp-config-sample.php ( you  find it in the fresh downloaded copy of WordPress).  If everything seems good in this file then close it.

Step 6: Remove unwanted content from wp-content folder

Now open the wp-content folder and the structure inside the folder is look like as give below.

plugins
themes
uploads
index.php

 

If you find any other file or folder in it then delete that.

Step 7: Remove Malware from Plugins folder

The malware may reside in your plugins. So make a list of plugins currently installed in your WordPress website. After creating a list delete the plugin folder. Don’t worry  about the data or post created by any plugin. The data will be in the database and when you reinstall that plugin all data will restore.

Step 8: Remove Malware from Theme

Go into the themes folder, and remove any theme which you are not using. Also, check all files of the currently installed theme of your website. If you have a copy of installed theme somewhere then also delete the whole folder of the theme.

Step 9: Remove Malware from Uploads folder

Now check every folder inside uploads folder to make sure there are no PHP files or anything that you may not have uploaded.

Step 10: Upload fresh WordPress copy

After cleaning the whole previous WordPress directory , now upload the fresh WordPress files downloaded in step 4.

Step 11:  WordPress Admin Password

After performing the 10th step now open your WordPress admin panel and change the admin password.

Step 12: Install all you plugin

Go to WordPress official plugins directory and install all your plugins one by one. Don’t install any nulled or cracked theme or plugins it might contain some malware.

Step 13:  WordPress malware scan

Check again for any malware. Open Sucuri scanner enter your website and see the result.

Step 8: Remove Malware warning from Google

Open the Google Webmaster Tools, click on crawl>Fetch as Google and give your website www.example.com in the given box. The google Fetch and render your complete website and ask for submission. Submit whole website with associated links and Google will review the website.  And unlist it from its malware website database.