Remove Malware from WordPress Website

If your website is infected by Malware then follow the below steps to Remove Malware from the WordPress website. When your site is infected with Malware your site will usually redirect to another site or there will show unwanted ads from the attacker.

How to check if your site is infected by Malware:

Visit Sucuri site checker and Check your site by this URL:

https://sitecheck.sucuri.net/

Or install the Wordfence plugin on your WordPress site. This is recommended because this will give you a clear view of where the files are infected. And we are going to use Wordfence to remove Malware from the website.

Using Wordfence to Remove Malware:

Using wordfence you can not only remove Malware but also add security to the website. Before using wordfence to remove Malware fast take a backup of your site. Just in case anything goes wrong. So that you can get your site recovered.

Install wordfence plugin from the plugin area and activate it. After activating you’ll find an option called wordfence on your options area. There you’ll find the scan option. Click here and you will see the scan area. Just click the scan button there it will start scanning your website. This process might take care few minutes or hours according to your site size. It will scan your whole site one by one content. It will also scan for security. When the scan is complete, it will show you all the files infected with malware in your dashboard. And then comes the technical part. Suppose one file wpconfig.php showing infected with malware. Wordfence will exactly show the malware/virus name. It will also show you in which line the infected codes are. The next thing you have to do is download that infected file then open the same file from a clean WordPress(if it is a theme or plugin’s file download that plugin) open it and compare the infected line’s codes with this clean code. Just simply remove those infected codes and reload the site. See if everything is fine. But I suggest replacing the infected files with clean files. Like if the infected file is wpconfig.php then delete it and upload a clean wpconfig.php from WordPress. Remove all the files that show infected in the wordfence scan area. And when you are done you should refresh your site and see if everything is working fine. After cleaning everything go to wordfence dashboard area and do a final scan. When the results come out you will see that all the malware warning has gone. You can also do a scan using sucuri just to be sure.

Why WordPress site gets affected by Malware:

The main reason behind the malware is vulnerability. If you have any outdated plugins or unverified developer plugins, then attackers can easily implant malware on your site. Another reason could be your default WordPress login URL. Sometimes it may happen for lack of a firewall. An attacker might plant some kind of code on your xmlrpc and that’s how they get access to your site. Then they just put ads on your site or use your site to earn money in many ways.

How to Prevent your site from Malware:

When you are done removing malware from your site, you would want to prevent your site from getting affected again. Here are the things you have to consider to make your site safe.

Change Login Url:

Install hide login URL plugin from plugin area. Then go to the setting area where you can find the option to change the login URL. Put something that you can remember like a password. Then click Save. That’s it that’s your new login URL. Remember it or save it somewhere else. Now no one cant access your login area without knowing. No attacker can do any brute force attack to get your site access.

Change Password:

Make sure to create a strong password for your site and save it somewhere else. A strong password will give you extra security. So make sure your site’s password is strong.

Keep Wordfence Plugin Installed:
Wordfence plugin is not only for removing malware but also for site security. Keep it in default mode it will automatically scan your site and understand the attacker’s attack type. Then it will configure the firewall based on the attack types. This is how they will block every type of attack on its own. Wordfence has some extra features where you can see the live visitors as well as attackers. You can say which IP is accessing which area of your site. If any IP is trying to access your theme area or admin area of your WordPress directory, then that is an attacker. Usually, wordfence automatically blocks this kind of activity from any IP. But in case it doesn’t, you immediately block those ips. There is an extra feature in Wordfence where you can automatically block ips if it tries to access a certain URL of your site. Such as :

yourdomain.com/xmlrpc,
/wp-themes,
/wp-plugins

If you put this URL in a restricted URL area in Wordfence, then it will automatically block attackers from accessing those URLs. But be careful if you accidentally access those blocked URLs then wordfence will also block your out for hours. So make sure you don’t do that.

Server-level firewall:

When you are done with Wordfence and you will still need an extra level of security for your site and server, then you will have to implement server-level firewall. You can buy firewall services from many firewall-providing services like Cloudflare and implement it on your server. The server operating system has some basic level firewall. Try to change those settings according to your need. Then your site is ready to prevent any kind of attack.