Have you ever come across spammy content in your Google search results? Has your WordPress site been infected with malware?

When that happens, visitors are redirected to nefarious offers and unsafe websites.

Don’t worry if this is the case. In this article, we’ll show you how to clean up your WordPress site after it’s been hacked and infected with malware, spam, backdoors, and other malicious software.

Though cleaning up your malware-affected WordPress site is time-consuming, it is critical for the website’s continued survival.

If you think you’ve been hacked, first confirm that you really have been. When a website misbehaves or has technical difficulties, its owner may assume the site has been attacked.

Also, site owners can notice spam comments and be unable to distinguish between them and a hack.

According to Forbes, “On average 30,000 new websites are hacked every day”.

According to a study by Sucuri, out of 8000 infected websites, 74% were built on WordPress.

WordPress sites get hacked for many reasons. It may be due to outdated plugins, themes, and even WordPress versions.

However, if your website is infected by malware, this guide will help you diagnose and clean your malware-affected WordPress site.

Common Indications That Your Website has been Hacked

  • Your viewers are complaining that they are being routed to a harmful or spammy website. Please pay attention to them, because many hacks detect that you are the site administrator and will not show you anything spammy. Only your website visitors or search engine crawlers will see it.
  • You notice spam in your site’s header or footer, such as ads for pornography, narcotics, illicit services, and so on. These are frequently put into your pages without warning and can appear as dark text on a dark background, so they are difficult for us to read (but the search engines can see them).
  • When you search for your website on Google, you come across pages or material that you are unfamiliar with and that appears to be harmful.
  • Your hosting provider informs you that your website is doing something malicious or spammy. For instance, if your host informs you that they are receiving reports of spam email with a link to your website, it means that there is a problem.

How to Clean Your Malware Affected WordPress Site?

Follow these steps to clean up your malware affected WordPress site.

Step 1: Make a Backup of Your Site’s Files and Database

Once you’ve confirmed that you’ve been hacked, back up your site as soon as possible. To get a copy of your complete website, use FTP, your hosting provider’s backup system, or a backup plugin.

If available, use the web host’s site snapshot tool to back up the complete site, since this will be the most thorough backup of your entire server. However, downloading all of the data can take some time. If you can log in to your site, you can also use a backup plugin.

Your site’s wp-content folder is the most important folder on your server since it contains all of your uploads. You can also perform a manual backup using a simple procedure. To learn more about backing up your database and files, read this article.

Step 2: Take a Look at the Backup Files

Once the site has been backed up, save the backup to your PC. Open the zip file and look for the following:

  • The WordPress core files: Download WordPress from WordPress.org and check that the files in the download match the WordPress core files in your backup.
  • The wp-config.php file: This file is crucial since it contains your WordPress database’s name, username, and password, which we’ll need throughout the restoration.
  • The wp-content folder: Examine at least these three wp-content folders: themes, uploads, and plugins. If you can see your theme, plugins, and uploaded pictures there, you have a decent backup of the site.
  • The .htaccess file: This file will be invisible. Only an FTP tool (like FileZilla) or a code editing application (like Brackets) that allows you to examine invisible files inside the application’s interface can tell you if you backed up this file.
  • The database: An SQL file that is an export of your database must be available. We won’t be deleting the database during this procedure, but it’s a good idea to keep a backup.
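
One way to do the core file comparison described above on your PC, as an added example that is not part of the original article. It assumes the clean download is the same WordPress version as the backup (otherwise legitimate files show up as modified); the function names and the small sample trees are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Paths that legitimately differ from a stock download, so they are not compared.
SITE_SPECIFIC = ("wp-content/", "wp-config.php", ".htaccess")


def hash_tree(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*") if p.is_file()}


def compare_core(clean_root, backup_root):
    """Compare the backup's core files with a clean copy of the same version."""
    clean, backup = hash_tree(clean_root), hash_tree(backup_root)
    core = {k: v for k, v in backup.items() if not k.startswith(SITE_SPECIFIC)}
    return {
        "modified": sorted(k for k in core if k in clean and core[k] != clean[k]),
        "unexpected": sorted(k for k in core if k not in clean),
        "missing": sorted(k for k in clean
                          if k not in backup and not k.startswith(SITE_SPECIFIC)),
    }


def demo():
    """Run the comparison on two small constructed trees (not real WordPress files)."""
    stock = {"index.php": "<?php // stock front controller\n",
             "wp-includes/version.php": "<?php // stock version file\n",
             "wp-admin/admin.php": "<?php // stock admin\n"}
    hacked = {**stock,
              "index.php": stock["index.php"] + "// constructed: appended line\n",
              "wp-includes/cache-tmp.php": "<?php // constructed: not in core\n",
              "wp-config.php": "<?php // site settings\n",
              "wp-content/uploads/logo.png": "PNG"}
    del hacked["wp-admin/admin.php"]
    with tempfile.TemporaryDirectory() as tmp:
        for name, files in (("clean", stock), ("backup", hacked)):
            for rel, text in files.items():
                path = Path(tmp, name, rel)
                path.parent.mkdir(parents=True, exist_ok=True)
                path.write_text(text)
        return compare_core(Path(tmp, "clean"), Path(tmp, "backup"))


if __name__ == "__main__":
    print(demo())
```

Against a real backup, call `compare_core()` with the unzipped WordPress.org download and the unzipped backup; anything listed under "modified" or "unexpected" deserves a closer look before you rely on the backup.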

Step 3: Remove All Files from the Public HTML Subdirectory

After ensuring that you have a reasonable and complete backup of your site, use the web host’s File Manager or FTP to remove all of the files in your public HTML folder (excluding the CGI-bin folder and any server-related directories that are visibly free of hacked data).

If you have many websites hosted on the same account, you can presume they were all compromised. As a result, it’s best to clean all of the sites, back them up, download the backups, and proceed with the procedures below for each one.

Step 4: Uninstall WordPress and Reinstall it

Using your web hosting’s one-click option, reinstall WordPress. Refer to your site’s backup and update the wp-config.php file on your new WordPress installation to use the database credentials from your old site.

This will connect the old database to the new WordPress installation. Re-uploading your old wp-config.php file is not recommended because the new one will contain fresh login encryption salts and be devoid of any compromised code.

Step 5: Recover Permalinks and Passwords

Log in to your site and reset all usernames and passwords. If you notice any users you don’t recognize, your database has been hacked, and you should contact a professional to verify that no harmful code has been left behind.

Go to Settings > Permalinks and click Save Changes.

Your .htaccess file will be restored, and your site URLs will function again. Make sure you didn’t leave any hacked .htaccess files behind when you removed files.

Step 6: Reinstall Plugins and Themes

All of your plugins should be reinstalled from the WordPress repository or downloaded fresh from the premium plugin developer. Installing outdated and no longer supported plugins is not a good idea.

Likewise, reinstall your theme from a new download from a secure source such as the WordPress theme repository. If you customized your theme files, refer to your backup files and then recreate the modifications on a fresh copy of the theme.

You should not upload an outdated theme since you cannot tell which files have been compromised.

Step 7: Select Photos from the Backup and Upload Them

You’ll need to copy your old image files to the server’s new wp-content > uploads folder. However, take caution not to copy any compromised files in the process.

To do so, go through each folder in your backup and double-check that there are image files and no PHP scripts, JavaScript files, or anything else you didn’t add to your Media Library.
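
The folder-by-folder check described above can be scripted against the unzipped backup before anything is copied back, as in this added example (not part of the original article). It assumes the Media Library held only JPEG, PNG, and GIF images, so extend `MAGIC` if you also uploaded other media; the function names and sample files are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Leading bytes expected for each image extension allowed in uploads.
MAGIC = {
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n", ".gif": b"GIF8",
}


def audit_uploads(root):
    """Return (relative path, reason) for every file that needs manual review."""
    root, findings = Path(root), []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel, data = path.relative_to(root).as_posix(), path.read_bytes()
        magic = MAGIC.get(path.suffix.lower())
        if magic is None:
            findings.append((rel, "not an allowed image type"))
        elif not data.startswith(magic):
            findings.append((rel, "content does not match extension"))
        elif b"<?php" in data.lower():
            findings.append((rel, "PHP code inside image"))
    return findings


def demo():
    """Audit a small constructed uploads tree (stand-in bytes, not real images)."""
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    samples = {
        "2023/01/logo.png": png,
        "2023/01/photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "2023/01/banner.png": png + b"<?php /* constructed marker */ ?>",
        "2023/02/thumb.gif": b"<?php /* constructed marker */ ?>",
        "2023/02/cache.php": b"<?php /* constructed marker */ ?>",
        "2023/02/.htaccess": b"# constructed\n",
        "2023/02/slider.js": b"// constructed\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in samples.items():
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
        return audit_uploads(tmp)


if __name__ == "__main__":
    for finding in demo():
        print(*finding, sep=": ")
```

Run `audit_uploads()` on the backup’s wp-content/uploads folder and copy to the server only the files it does not list.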

Step 8: Install and Run Security Plugins

Scan the site using the Anti-Malware Security and Brute-Force Firewall plugin. Also, run a Site Check scan with Sucuri to ensure you didn’t miss anything.

Next, install a security plugin such as MalCare Security, Astra Security, Shield WordPress Security, or iThemes Security and activate it. Finally, review all of its options.

MalCare has a smart scanner that properly detects new and sophisticated malware and pinpoints its location. In addition, a shield will alert you if any core files have changed in the future.

iThemes Security targets plugin vulnerabilities, out-of-date software, and weak passwords. It’s also a good idea to run a virus, trojan, or malware scan on your computer.

Most Commonly Asked Questions

How can I determine if my website has been hacked?

Your web hosts may report that some spam emails contain links to your website, or your customers may claim that they are being redirected to spam websites.

Your website may also contain advertisements for illicit products such as pornography and drugs.

Why are WordPress websites so frequently targeted?

WordPress is an open-source content management system (CMS) that powers over 43% of all websites on the internet. Because the code is freely available, which is the most crucial advantage and goal of open source, hackers may use it to identify and exploit flaws.

Hackers have an easier time if you don’t update WordPress, plugins, or themes. However, by following proper maintenance methods, you can make your website secure.

What can I do to keep my WordPress site safe?

When it comes to WordPress plugins and themes, you can take measures by downloading them from the WordPress Repository, avoiding nulled versions, keeping them updated, and uninstalling unneeded plugins and themes.

You can also find a reputable hosting company, reinforce passwords, conduct regular website security audits, add security plugins, and analyze website performance, among other things.

Also, always be prepared for the worst by having many backups on hand.

Wrapping Up

If you’ve managed to clean up your malware-affected WordPress site, congrats! However, you must now ensure that it is not hacked again.

Many services, such as Codeguard.com, can assist you in quickly identifying malware concerns. When it detects a change in your website code, it creates a new backup and sends you an email notification.

So, keep an eye on your emails at all times and never ignore them. Also, be proactive about updating WordPress plugins and versions on time to avoid malware attempts. We hope our tips on how to clean up your malware-affected WordPress site can guide and help you if your website is affected.

About the Author

Atif Shahab


Atif Shahab is a blogger and an expert in social media community management and influencer marketing. He loves to write about PHP, WordPress, Cloud, Project Management, Marketing, and Data Science. He is a fan of classic music and loves traveling with friends & family.