After facing the issue of malware in my own WordPress website How2shout.com, I am writing this article. I got a Google mail in which Google has submitted a report of having a malware on my website. It was shocking and I instantly search for some plugin to remove malware. How2shout already have All in One security plugin and cloud flare firewall, but somehow malware comes in the website. It may be due to some unknown plugin installation. I have tried out certain steps to remove malware from my WordPress website and now I want to share it with everyone.
First of all, we need to know that really our WordPress has any malware. Malware can be entered in WordPress if you have uploaded some files from an infected computer using FTP, due to some nulled or cracked plugins etc.
Step 1: How to find malware on WordPress site
How to find out that you have malware on the website, the plugin which used by me is Sucuri Security plugin. It allows you to scan the whole website to find out whether it infected or not. Also, there is another plugin called Anti-Malware Security and Brute-Force Firewall. This Anti-Malware scanner plugin scans WordPress website to Remove Malware, Viruses, and other security threats. It also scans other vulnerabilities resides on your server and helps you to fix them.
Step 2: First of Clean Your Computer
There are some chances that the computer you are using to operate FTP for WordPress website might be infected. Maybe there is some virus that sending your password info to hackers. So install some good antivirus and clean your computer.
Step 2: Increase the complexity of cPanel/FTP Password
Before removing malware from WordPress website change the cPanle or FTP password. We performing this to ensure that the hacker doesn’t have our password.
Step 3: Login to cPanel or FTP
Now login to your hosting cPanel/FTP and open the file manager to see all files and folder of WordPress.
Step 4: Downloading the new WordPress
Open a new tab and download the fresh copy of WordPress from their official website.
Step 5 : Remove Malware from WordPress
We don’t know which file exactly contain the malware. So, select and delete all files & folders except the wp-content folder, and the wp-config.php file. The wp-content folder contains all your plugins, themes, and images whereas wp-config.php is for database configuration. Don’t delete the red marked file and folder shown in the screenshot.
After deleting all other files the folder contains theses two items:
Step 5: See wp-config.php file
Now edit the wp-config.php file and look for any strange code or script. You can compare the wp-config.php file with wp-config-sample.php ( you find it in the fresh downloaded copy of WordPress). If everything seems good in this file then close it.
Step 6: Remove unwanted content from wp-content folder
Now open the wp-content folder and the structure inside the folder is look like as give below.
If you find any other file or folder in it then delete that.
Step 7: Remove Malware from Plugins folder
The malware may reside in your plugins. So make a list of plugins currently installed in your WordPress website. After creating a list delete the plugin folder. Don’t worry about the data or post created by any plugin. The data will be in the database and when you reinstall that plugin all data will restore.
Step 8: Remove Malware from Theme
Go into the themes folder, and remove any theme which you are not using. Also, check all files of the currently installed theme of your website. If you have a copy of installed theme somewhere then also delete the whole folder of the theme.
Step 9: Remove Malware from Uploads folder
Now check every folder inside uploads folder to make sure there are no PHP files or anything that you may not have uploaded.
Step 10: Upload fresh WordPress copy
After cleaning the whole previous WordPress directory , now upload the fresh WordPress files downloaded in step 4.
Step 11: WordPress Admin Password
After performing the 10th step now open your WordPress admin panel and change the admin password.
Step 12: Install all you plugin
Go to WordPress official plugins directory and install all your plugins one by one. Don’t install any nulled or cracked theme or plugins it might contain some malware.
Step 13: WordPress malware scan
Check again for any malware. Open Sucuri scanner enter your website and see the result.
Step 8: Remove Malware warning from Google
Open the Google Webmaster Tools, click on crawl>Fetch as Google and give your website www.example.com in the given box. The google Fetch and render your complete website and ask for submission. Submit whole website with associated links and Google will review the website. And unlist it from its malware website database.