Complete guide to remove malware from WordPress

Due to its popularity, WordPress has become a common target for cyberattacks. In fact, out of the 40,000 WordPress sites featured in the Alexa Top One Million list are vulnerable to cyberattack attempts.

Some of the most common signs of a hacked site include defaced web pages, links to malicious websites, Google block list warnings, and white screens of death. If one of these signs appears on your WordPress site, it has likely been compromised or infected with malware.

Once you have confirmed that your site has been hacked, take the appropriate steps to recover it as soon as possible. Read on as we walk you through the steps to manually remove malware from a hacked website. We will also cover some of the best security plugins that you can choose from.

How to Manually Remove WordPress Malware

Although recovering a hacked WordPress site is possible, the process requires proper technical knowledge of website maintenance and hosting.

If the following tutorial seems too complicated for you, we recommend using a malware removal plugin or hiring a WordPress malware removal specialist.

Step 1. Prepare WordPress Malware Removal

First of all, keep in mind that you can fix your hacked site. Although it may take some time and effort to recover, know that you can overcome such an incident. Therefore, it is important to stay calm and follow the proper recovery procedure.

Before you remove malware from your WordPress site, follow these preparation steps to ensure the safety of your data:

1. Restrict access to the website

If your WordPress site has malicious redirects to dubious and unsafe sites, it is likely that it has been hacked. If left unchecked, your infected WordPress site can lead visitors to dangerous sites and leak their personal data.

Restricting access to your WordPress site will help prevent the spread of the hidden malware that currently infects it. Perform this step by editing the file .htaccess through the File Manager from your hosting control panel or from a . In this tutorial, we will use the File Manager on hPanel.

Here’s how to do it:

  1. Navigate to the file manager in the section Records.
  2. Access the directory public_html and scroll down to locate the file .htaccess. If the file is not found, it creates a new one by default.
  3. Add this code snippet to the file .htaccess to block all access except yours:

# With "deny,allow" the allow line overrides "deny from all" for your address
order deny,allow
deny from all
allow from YOUR_IP_ADDRESS

  4. Save the changes.

Professional Tip

Make sure your IP address is static. Otherwise, you will have to update the .htaccess file periodically.

2. Create a backup

Creating a backup of the hacked site will make it easier to identify the malware. By comparing the WordPress files from the good backup with those from the post-hack version, you will be able to locate the malicious code much faster.

Follow these steps to back up your site’s files and database, using hPanel’s one-click backup and restore system:

  1. Go to Backups in the section Records.
  2. Click the button Select in the section File backups. Select a date from the dropdown menu and click Next step.
  3. Check the box next to the domain you want to back up, and then select Download all files.
  4. Once the server finishes preparing the download, click Download backup.
  5. After backing up your website files, do the same for your WordPress database. Click the button Select under the section Database backups and choose the desired database from the dropdown menu. If you don’t know the name of your WordPress database, locate it first.
  6. Choose Show databases to display the backup logs. Choose a date and click Download.
  7. Once the server finishes preparing the download, click Download backup.
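The comparison between a good backup and the post-hack copy described at the start of this step can be scripted once both archives are extracted. The following is an added example, not part of the original guide; the function names and the sample tree are constructed for illustration, and file names are assumed not to contain newlines.

```shell
# Report how the post-hack copy differs from the known-good copy.
#   ADDED <path>    exists only in the hacked copy (possible dropped file)
#   CHANGED <path>  exists in both, content differs (possible injection)
#   MISSING <path>  exists only in the clean copy
compare_backups() {
    clean=$1; hacked=$2
    # Walk the hacked tree: new files and files whose bytes differ.
    (cd "$hacked" && find . -type f) | sort | while IFS= read -r f; do
        if [ ! -e "$clean/$f" ]; then
            printf 'ADDED %s\n' "$f"
        elif ! cmp -s "$clean/$f" "$hacked/$f"; then
            printf 'CHANGED %s\n' "$f"
        fi
    done
    # Walk the clean tree: files that disappeared after the hack.
    (cd "$clean" && find . -type f) | sort | while IFS= read -r f; do
        [ -e "$hacked/$f" ] || printf 'MISSING %s\n' "$f"
    done
}

# Constructed sample: a clean tree and a tampered copy of it.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/clean/wp-includes" "$d/hacked/wp-includes" \
             "$d/hacked/wp-content/uploads"
    echo '<?php // core file' > "$d/clean/wp-includes/load.php"
    echo '<?php // core file' > "$d/hacked/wp-includes/load.php"
    echo '<?php // index' > "$d/clean/index.php"
    echo '<?php // index plus injected line' > "$d/hacked/index.php"
    echo '<?php // dropped file' > "$d/hacked/wp-content/uploads/x.php"
    echo 'readme' > "$d/clean/readme.html"
    echo "$d"
}

# Usage: s=$(make_sample); compare_backups "$s/clean" "$s/hacked"
```

Every ADDED or CHANGED PHP or JavaScript file is a candidate for manual review; files that legitimately changed between the two backup dates (updates, uploads) will also appear.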

3. Check available backups

This step should be easy for those who have done their due diligence as website administrators. If you were unable to restore the WordPress site using the infected backup file, the older version can serve as your plan B, allowing you to recover your pre-hack data and start fresh much faster.

Otherwise, we recommend that you contact your web hosting provider to see if they have a backup of your website files. Depending on your hosting provider, you may have automatically generated pre-hack backup files. , for example, offers daily and weekly backups with their shared hosting plans.

4. Update all passwords and access codes

Many hackers use malware to perform brute force attacks to crack the login credentials of administrator accounts. Changing your passwords can slow them down and minimize the chances of another security risk wreaking havoc on your WordPress site.

Make sure you use strong passwords and avoid reusing them on more than one account at a time. There are many password generators online, such as the and the , which can help you create unpredictable passwords with various combinations of letters and numbers.

The following are some of the accounts that need a password reset ASAP:

  • Hosting account: Most hosting providers, including , put the change password feature on the account information page.
  • FTP accounts: having your FTP accounts compromised will allow hackers to launch FTP bounce attacks. Minimize this risk by changing the password for your primary and secondary accounts.
  • SSH accounts: change the passwords of your accounts and configure SSH keys to prevent hackers from accessing your website data.
  • WP-Admin credentials: and the login credentials of other WordPress user accounts that have access to the backend of your site.
  • WP Salts: changing your WordPress salt keys will help you keep your login details hashed, fortifying your WordPress account against brute force attacks.

Important! If you have personal accounts with the same password as your hacked WordPress site, change those as well.

5. Update WordPress

The one of the hacked WordPress sites use an outdated version of WordPress. By keeping your CMS up to date, you will eliminate vulnerabilities that hackers can exploit to attack your website.

Here is a checklist of the programs and files you should update:

  • WordPress version: update to the latest version via the Updates tab of your WordPress admin panel. Users can update their website version through the hPanel control panel.
  • Themes and plugins: the update notice for outdated WordPress plugins and themes should appear in the section Updates. Don’t forget to eliminate potential security issues by deleting unused themes and plugins.
  • PHP version: users can update their PHP version through the menu PHP configuration in the section Advanced of the hPanel control panel.

6. Check recent changes and access

Your WordPress site logs keep track of all traffic and changes made to the server. Checking logs for suspicious activity at the time of the hack makes it easy to identify fraudulent accounts and infected files.

First, look for recently changed files by running the find command over SSH:

find . -type f -name '*.file_extension' -ctime n

Replace file_extension with the type of file you want to check. We recommend looking for JavaScript and PHP files, as both file extensions are common targets for malware injection. Replace the n placeholder with a positive or negative value to determine the scope of the search: -n matches files changed less than n days ago, +n matches files changed more than n days ago.

For example, the following SSH command displays any PHP files added or modified in the last three days:

find . -type f -name '*.php' -ctime -3
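The search above can be extended to cover PHP and JavaScript together and to single out files whose modification time was set back. This is an added example, not part of the original guide; the function names are hypothetical and it assumes GNU find and stat, as found on typical Linux hosting.

```shell
# Files of the targeted types whose inode change time (ctime) falls within
# the last DAYS days, newest first, prefixed with the change timestamp.
# ctime is set by the kernel and cannot be rewritten with touch, which is
# why the guide's command filters on -ctime rather than -mtime.
recent_code_changes() {
    root=$1; days=$2
    find "$root" -type f \( -name '*.php' -o -name '*.js' \) \
        -ctime "-$days" -exec stat -c '%z %n' {} + | sort -r
}

# Subset of the above whose modification time (mtime) claims to be older
# than the window. Either only metadata changed (chmod, chown, rename) or
# the mtime was set back after the content was written; both deserve a look.
backdated_changes() {
    root=$1; days=$2
    find "$root" -type f \( -name '*.php' -o -name '*.js' \) \
        -ctime "-$days" -mtime "+$days" -print | sort
}

# Usage, from the site root:
#   recent_code_changes . 3
#   backdated_changes . 3
```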

As for the , users can check them through Access Records in the section Website from the hPanel control panel. Open the tab of Access Records to view a list of visits to your website. You can filter the results based on the chosen time period.

7. Remove Symlinks

Symbolic links or symlinks are file types that point to another file or directory, serving as shortcuts. Although they provide multiple access points, hackers can take advantage of them to launch symbolic link attacks and gain access to your root directory.

Run this command via SSH to unlink the symbolic links in your files and directories:

find . -type l -exec unlink {} \;
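Because the command above removes every symlink, including ones a theme, plugin or deployment tool may rely on, it helps to record where each link points first. The following is an added example, not part of the original guide; the function name is hypothetical and it assumes GNU readlink.

```shell
# Print "<link> -> <resolved target>" for every symlink under ROOT whose
# target resolves outside ROOT, or does not resolve at all. Links that stay
# inside the site tree are not reported.
symlinks_leaving_root() {
    root=$(cd "$1" && pwd -P)          # physical path of the site root
    find "$root" -type l | sort | while IFS= read -r link; do
        # readlink -f follows the whole chain; empty result means it failed.
        target=$(readlink -f -- "$link" 2>/dev/null) || target=''
        case "$target" in
            "$root"|"$root"/*) ;;      # stays inside the site
            '') printf '%s -> (unresolvable)\n' "$link" ;;
            *)  printf '%s -> %s\n' "$link" "$target" ;;
        esac
    done
}

# Usage, before running the unlink command:
#   symlinks_leaving_root /path/to/public_html > symlinks-before-cleanup.txt
```

The saved list doubles as evidence of what the links exposed and as a reference if a legitimate link has to be recreated later.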

8. Reset file and folder permissions

Limiting the number of users with the admin role is a great security measure to prevent hackers from accessing sensitive site files. In the event of a security breach, we recommend resetting file and folder permissions to their default values to kick out WordPress users with invalid access privileges.

File permission settings should be accessible through your hosting account’s control panel. Users can access them through the menu Resolve file ownership in the section Other. After checking the confirmation box, click Run to set all file permissions to default values: 644 for files and 755 for the folders.

The recommended permissions for folders, 755, mean that the owner of the files inside these folders can read, write, and execute, while other WordPress users only have read and execute access rights.

9. Scan the PC with antivirus software

The cyberattack may have initially targeted your WordPress site, but it is not known whether or not the malware infection has spread to your PC. Scanning your PC with antivirus software will help you remove a potential malware infection and prevent it from compromising your hardware.

Here are some of the best antivirus solutions that come with a malware scanning feature:

Step 2. Reinstall WordPress Core Files

After doing the previous steps, it’s time to If you still have access to your WordPress dashboard, navigate to updates and click the button…
