How To Remove Malware From Hacked WordPress Site? (DIY)

WordPress Hacked

Few things before we start

Whatever platform you use, WordPress, Drupal, Joomla, etc… Any site can be hacked!

You may lose search engine rankings when your WordPress site is hacked and expose your readers to viruses, your reputation may be tarnished because of redirections to p o r n or other bad neighborhood websites and, worst of all, and you can lose all site data.

If your website is a company, security is one of your top priorities.

This is why it is important that you have a good hosting company with WordPress. If you can afford it, use managed WordPress hosting absolutely. Make sure you always have in place a good WordPress backup solution. Last but probably the most important, have a robust firewall for web applications.

All of the above information is great if you hacked yet, but probably it’s too late to add some of the precautions we mentioned earlier when you read this article. So, try to stay as calm as you can before you do anything. Let’s look at the step by step guide on how your hacked WordPress site can be fixed.

Practically anyone can use this step-by-step guide to remove WordPress malware.

You must, however, be prepared to get your hands dirty and be comfortable with FTP and File Manager. If this isn’t your tea cup, you may want to use plugins instead to fix your hacked WordPress (wordpress site hacked redirecting to another site). Here are the steps.

Step 1: Scan your PC

Malware can infect your WordPress in different ways, one of which is if you have a virus that leaks your FTP password on your computer. In fact, this is quite common. So first, make sure your computers virus-free. We recommend you to scan using anti-virus such as E-SET or with Malware Bytes at least and that you are doubly safe.

Step 2: Change your password cPanel / FTP

Now that your computer is virus free, the cPanel and FTP password should be changed. Make sure it’s random, at least with 1 special character like! # < &, mix of letters lower and uppercase plus numbers. Step 3: Download WordPress from official Website Download recent version of WordPress File. Step 4: Extract Downloaded WordPress Files Extract the files you just downloaded to your computer from the zip or tar.gz. Leave the files for now. We’re returning to them later. Step 5: Identifying & Removing Malware infected files Log in to your > File Manager FTP or cPanel.

Your WordPress files should look like this on your web host:

wp-admin
wp-content
wp-includes
index.php (fix index.php WordPress hack issue)
license.txt
readme.html
wp-activate.php
wp-blog-header.php
wp-comments-post.php
wp-config.php (fix wp-config.php hack issue)
wp-config-sample.php
wp-cron.php
wp-links-opml.php
wp-load.php (fix wp-load.php hacked issue)
wp-login.php
wp-mail.php
wp-settings.php
wp-signup.php
wp-trackback.php
.htaccess
xmlrpc.php

Remove all you see except the wp- content folder and the file wp-config.php.

Click on and edit the wp-config.php file in your cPanel > File Manager.

Make sure there are no unusual or uncommon codes. If this file contains malware, it usually looks like a long string of random texts. You can make a sure comparison with the wp-config-sample.php file. Go to the wp-content folder now.

It should look like: plugin topics index.php uploads

    1. Plugins
    2. Themes
    3. Uploads
    4. index.php

List the plugins you are currently using, and then delete the folder of the plugins and the index.php file.

After the cleaning process, you will need to reinstall your plugins. Go to the folder Themes and delete any theme you don’t use. You will then need to check each file in your current theme individually to ensure that there are no malware or strange codes in it.

If you have a clean backup of your theme somewhere (like on your computer), you should remove the whole theme folder to make sure you are safe. Check every directory in your upload folder to make sure no php files or anything you may not have uploaded are available.

Step 6: Re- upload WordPress

Now you can upload fresh WordPress files which you extracted earlier in Step 4 via FTP. If you have deleted your theme, reload your clean backup theme files.

Step 7: Change the password and reinstall plugins for WordPress admin

Now you should be able to access your dashboard and change your password for admin. Always use a random password that is hard to guess. Don’t be tempted to use basics text like your name or any famous person name for your remembrance; simply you will be hacked again.

Step 8: Removing Google Warning for search users

Now that your site is malware- free, you can submit your site to Google to receive the warning “This site can harm your computer.” Login or create a Google Webmaster Tools account, add your site, click Health and Malware. And finally ask for a review.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.