Here are the steps to remove Malware that keeps infecting your WordPress website once and for all!
Backup your website
If you make a mistake, your website is gone forever. So back it up somewhere safe! If your hosting does not offer an automated backup setting, download your website locally to your computer. Don’t worry; the Malware will not harm your computer. Compress the folder after downloading just to be safe.
Download a fresh copy of WordPress.ORG: official site. This new copy will be used to overwrite the infected code on your website.
Eliminating the Malware
Login to your website via FTP or cPanel’s File Manager. Delete everything EXCEPT for the wp-content folder and the wp-config.php file. I repeat: DO NOT, by any circumstances, delete wp-content or wp-config!
Wp-content is where your website stores all of its digital assets: media (photos), plugins, and themes. Wp-config.php is the credentials to the database of your website.
This step will break your website installation, but that is ok because it is redirecting for showing a hacked version you don’t want clients and customers to see. It’s better they see a 404 page than abusive content.
Identify out-of-place Files and Folders
Check the files and folders for random/odd-looking files or code.
Odd-looking code is a string of generated letters and numbers used for a file’s name or injected into the file’s head.
WordPress salts/passwords are ok to have a string of letters and numbers for a password. When in doubt, check the clean copy of the WordPress installation files you downloaded.
Remove back doors
Check wp-config.php for random code injected into the file.
Remove infected Plugins
Delete and upload a fresh copy of your plugins.
Remove infected Themes
Remove any themes you aren’t currently using. Be careful that you don’t permanently remove any parent themes used by children themes.
If you have a clean copy of your theme, please upload it, overwriting the infected copy.
Upload a clean version of WordPress
Upload everything in the fresh WordPress download except for wp-content (this is the file you downloaded in step 2). I repeat: DO NOT replace/overwrite the wp-content folder. I usually delete the wp-content folder from my computer, so I don’t accidentally upload it to the server.
Remove the .htaccess file
Delete the htaccess file and resave your permalinks (unless it looks clean). If you don’t see the file in your directory, ensure you have “view invisible files” turned on in your FTP client.
Change Passwords + Remove Unrecognized Users.
Change the passwords for your users. Removing any users, you do not recognize.
Check file permissions
The most critical step. Folders need to be set to 755, Files 644, wp-config.php 600, .htaccess 600.
If your files are set to 777, hackers can easily access your website.
If you understand SSH, you can use the settings below to automate the process of updating your folder permissions. Update the commands based on your server file structure.
Install a Security Plugin
Add a security plugin to your WordPress website, select the option to harden the WordPress settings.
Re-Check in a day or two
After 24-48 hours have passed, check your WordPress file structure for odd-ducks. Anything other than these files and those files could be Malware getting back into your website from an unfixed vulnerability.
If you are still unable to stop hackers, please message us for assistance on how we can assist with Risk management services.
What is Malware?
Malware is a type of software that is designed to harm or disrupt computer systems. Malware can include viruses, spyware, adware, and Trojan horses. Viruses are programs that self-replicate and spread themselves to other computers. Spyware is software that gathers information about a person or organization without their permission. Adware is software that displays unwanted advertisements. Trojan horses are programs that appear to be benign but actually allow attackers to gain access to a computer system. Malware can be difficult to remove once it has been installed on a computer, so it is important to take steps to prevent it from being installed in the first place. One way to do this is to only download software from trusted sources. Another way to protect your computer is to install an antivirus program and keep it up-to-date.
What is WordPress?
WordPress is a content management system (CMS) that allows users to create and manage a website or blog. WordPress is free and open source software released under the GPL. WordPress is used by millions of people around the world, including many large organizations, such as The Guardian, Forbes, and The New York Times. WordPress is a very versatile platform and can be used for a wide variety of websites and applications. WordPress powers 28% of the internet and is one of the most popular website platforms in use today.
Published on: 2021-03-12
Updated on: 2022-05-31