How to remove Malware in WordPress

WordPress is one of the most widely used applications (content management systems, or CMS) for creating web pages and blogs, thanks to its ease of use and flexibility. For this reason, a large number of attackers seek to take advantage of vulnerabilities in the application to insert code or make all kinds of malicious modifications to pages. These vulnerabilities may appear due to the use of obsolete versions of WordPress or of any of its plugins/themes, a critical vulnerability in them that has not yet been fixed, or having illegally downloaded a paid or premium plugin/theme (from an unofficial website) to which malicious code may have been added.

These vulnerabilities can later be exploited to carry out phishing attacks, data collection, fraudulent redirects, local infection of computers, etc.

In this guide we are going to explain how to eliminate malware in WordPress after falling victim to an attack of this type. The following steps will help us eliminate most of the common infections that affect WordPress; however, some infections may require additional actions to resolve.

ATTENTION!: This guide is advanced and can leave your WordPress inaccessible if not followed correctly. We only recommend following these steps if you know how the application works and know how to interpret the error log that may be generated.
We recommend making a complete backup of your WordPress before making any changes.

Step 1. Check our devices

The infection of our page can have multiple causes, from a security flaw in WordPress itself or in a theme or plugin, to the theft of our access credentials (for WordPress itself or for FTP) due to an infection on our computer (PC).

The first thing we must do is make sure that all the devices from which we manage WordPress and FTP are clean and secure. To do this we can use one of the many existing antivirus and antimalware tools.

Step 2. Change the FTP access password

Once we have our computer clean, we are going to modify the FTP access password.

When generating the new password, we will make sure that it is secure and that we do not reuse a password from another platform. You can use online tools that generate secure passwords, such as LastPass.

Step 3. Download the latest version of WordPress

We are going to download the latest version of WordPress to ensure that we have the latest security updates applied. For the same reason, it is important to frequently update all the components of our website. To do this, we will go to the downloads section of the official WordPress website. A compressed file will be downloaded, which we will have to unzip to access the WordPress files.

Once we have downloaded WordPress and unzipped the files, we are going to set them aside for a few steps.

Step 4. Remove the infection

We must carry out this step by accessing the hosting via FTP. We can use the “File Manager” tool available in cPanel, or use an external FTP client such as FileZilla, cuteFTP, etc.

Once we have accessed the hosting via FTP, we must enter the directory where WordPress is installed. Our hosting uses the /public_html/ folder by default, so if you have not changed it during installation it will be the folder in which you will find your WordPress, otherwise you will have to access the folder in which you installed the application.

After locating the files that make up WordPress, a list similar to this will appear:



ONLY the following should remain:

– The “wp-config.php” file, which stores the configuration for the website's connection to the database

– The “wp-content” folder, which stores all files related to our web content

All other files and folders must be removed, leaving our WordPress installation folder as follows:

Next we are going to open the “wp-config.php” file for editing to ensure that it is not affected by malware. To do this, right-click on the file and, in the drop-down menu, click on “Edit.”

In editing mode we will see the file's source code. It is important not to make any accidental changes, as this could mean that it stops working.

To know if this file has been infected, we recommend comparing it with the “wp-config-sample.php” file that you downloaded from the official WordPress website. If it is infected, it will most likely contain a fairly long string of characters somewhere that does not appear in “wp-config-sample.php”. (In the following image you can see an example of malicious code that we must eliminate)

After reviewing the “wp-config.php” file and ensuring that it is correct, we will open the “wp-content” folder and, within it, the “plugins” folder, and make a list of the plugins we use.

Next, we delete all the contents of the “plugins” folder.

Next we are going to carry out the same process in the “themes” folder that we will find within “wp-content”.

Finally, we check the “uploads” folder and its contents to ensure that there is no executable (PHP) file in it. If there is one, we need to review its content and delete it if we determine that it is an infected file.
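
The two manual checks in this step (comparing “wp-config.php” with “wp-config-sample.php”, and looking for PHP files in “uploads”) can also be run over a local copy of the site. The following is an added example, not part of the original article; the function names, the extension list and the length thresholds are assumptions, and the sample data is constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumptions: the extension list and the 80/300-character thresholds are illustrative.
PHP_EXTS = {".php", ".phtml", ".php5", ".php7", ".phar"}
LONG_RUN = re.compile(r"[A-Za-z0-9+/=]{80,}")


def php_in_uploads(uploads: Path) -> list[Path]:
    """Files under uploads/ with an extension commonly handled as PHP."""
    return sorted(p for p in uploads.rglob("*")
                  if p.is_file() and p.suffix.lower() in PHP_EXTS)


def suspicious_config_lines(config: Path, sample: Path) -> list[tuple[int, str]]:
    """Lines absent from the sample that hold a long unbroken string or are very long."""
    known = {l.strip() for l in sample.read_text(errors="replace").splitlines()}
    hits = []
    for n, line in enumerate(config.read_text(errors="replace").splitlines(), 1):
        s = line.strip()
        if s and s not in known and (LONG_RUN.search(s) or len(s) > 300):
            hits.append((n, s[:60]))  # truncate so the report stays readable
    return hits


def demo() -> tuple[list[str], list[int]]:
    """Run both checks on a constructed site copy (harmless placeholder data)."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        uploads = root / "wp-content" / "uploads"
        (uploads / "2024").mkdir(parents=True)
        (uploads / "2024" / "photo.jpg").write_bytes(b"\xff\xd8\xff")
        (uploads / "2024" / "cache.php").write_text("<?php // constructed\n")
        sample = root / "wp-config-sample.php"
        sample.write_text("<?php\ndefine( 'DB_NAME', 'database_name_here' );\n")
        config = root / "wp-config.php"
        config.write_text("<?php\ndefine( 'DB_NAME', 'shop' );\n"
                          "$x = '" + "QUJD" * 40 + "';\n")
        files = [p.relative_to(root).as_posix() for p in php_in_uploads(uploads)]
        lines = [n for n, _ in suspicious_config_lines(config, sample)]
        return files, lines


if __name__ == "__main__":
    print(demo())
```

Lines that legitimately differ from the sample, such as the database settings, are not reported unless they contain a long unbroken string; every reported line still has to be reviewed by hand before anything is deleted.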

Step 5. Upload WordPress again

The time has come to recover the WordPress files that we downloaded before and upload them via FTP.

Keep in mind that you need to reinstall from scratch the removed plugins and themes, which we noted in a list in the previous step.

Once the application has been restored, access the WordPress management area and modify the passwords so that they are secure (remember step 2) and different from those you use in other services.

Step 6. Remove the Google notice

Once the infection has been resolved, you must ask Google to remove the infection notice (if it shows one). To do this you must access your Google Search Console user account (if you do not have an account you can create it from that same link), add your page and click on “Security problems”. From here, follow the steps that appear to request the review.
