Remove Malware and Virusses from an infected WordPress Website
It is not by chance that the majority of websites that exist today are based on WordPress. The CMS has flourished over the years and gained in popularity. But with such popularity comes great vulnerability to attacks like hacks and malware. A perfect example to compare WordPress with is Microsoft’s Windows operating system. Windows was so widely used that it became a natural malware target and the same applies to WordPress. If you are reading this, chances are you have been attacked and you are trying to find out how to resolve a malware infected WordPress. This article will walk you through different methods of removing malware from your website.
Understanding WordPress malware
Before you can begin disinfecting your WordPress you have to be able to tell if you are infected or not and if you are, you have to know what kind of malware you have been infected with. You will not be able to fully disinfect your system unless you know exactly what infected it. Most malware that attacks WordPress sites is easy to detect but there are some that can go unnoticed. A regular scan of your WordPress using a trusted tool is the best way to catch most website malware. Google has an effective tool that you can use for this purpose, you can check it out here:
Replace ‘yoursite’ with the name of your site.
So, is your WordPress infected?
There are many signs that can point towards the presence of malware on your site but here are the most common signs that you can watch out for:
• Weird links appear in your site content
• Your content has been changed
• Your site is no longer functioning the way it is supposed to
• Your site now takes long to load
• Visitors get pop-ups and redirects whenever they visit your site
• You can no longer login your control panel
• Your site has disappeared
Getting rid of Malware and cleaning your WordPress website
There are a number of ways of removing malware from a website, most of the steps described below are generic and will apply to the majority of malware found on WordPress. However, some malware may require specific technics to remove completely. The following are some of the important steps you need to take to resolve a malware infected WordPress site:
Reinitialize your passwords
If you suspect that you have malware on your site, the first and most important thing to do is to change ALL of your website related passwords. This includes your cpanel password, FTP account password, and user passwords. Any password liked or related to your website should be changed and replaced by strong and unique passwords. GoDaddy has a guide on creating strong passwords.
Get rid of the malware using tools
Once you have changed your passwords you can start getting rid of the malware. This is only possible if you have an idea of the type of malware that is affecting your website. Most malware can be removed manually but if you do not know the malware affecting you or where to find its files this can be a problem. Fortunately, there are a number of trusted scripts and software that can be used to scan your website, detect and remove malware. Wedetect.it is one of the easiest malware removing solution to use for both experienced webmasters and the not so experienced. The code scans and detects malware on your site and you have an option to get the website cleaned off all malware. The cleaning process takes about 24hrs. Users then have an option to have their website monitored 24/7 for any possible threats.
Get rid of malware manually
Users who are familiar with cpanel can clean their WordPress manually:
1. Back up all of your site files and databases, there are some trusted backup tools that you can use.
2. Download and take a look at the backup files. Look for file name changes that you do not recognize, new files that you did not upload etc. Verify that the rest of your files are there in the backed up files.
3. If all of your files are present in the backup copy, go ahead and delete all the files in the public_html folder
4. Re-install a completely new and up to date WordPress
5. Re-install your trusted add-ons and plug-ins
6. Upload your data from the backup
7. Find a trusted and efficient security tool to monitor and secure your website in real time.
The manual procedure works but it is important to know that it is almost impossible to remove all malware related files and code by hand. Files can be deleted but some malware directly affects your website code especially if you are using themes. That is why using smart solutions like Wedetect.it and Sucuri comes highly recommended when trying to resolve a malware infected WordPress site