How-to: Remove Malware from WordPress

Malware, or malicious software, is any application or document that’s harmful to a computer user. Malware contains computer viruses, worms, Trojan horses and spyware.

Time needed: 3 minutes.

Stop Malware from taking over your website.

  1. Backup your website

    If you make a mistake, your website is gone forever. So back it up somewhere safe!

  2. Download WordPress

    Download a fresh copy of WordPress.ORG: official site.

  3. Eliminating the Malware

    Login into your website via FTP

    You should see a bunch of files that look similar to this:

    wp-admin
    wp-content
    wp-includes
    index.php
    license.txt
    readme.html
    wp-activate.php
    wp-blog-header.php
    wp-comments-post.php
    wp-config.php
    wp-config-sample.php
    wp-cron.php
    wp-links-opml.php
    wp-load.php
    wp-login.php
    wp-mail.php
    wp-settings.php
    wp-signup.php
    wp-trackback.php
    xmlrpc.php


    Delete everything except for the wp-content folder and the wp-config.php file.

    I repeat: DO NOT, by any circumstances delete wp-content or wp-config!

    Now your folder should look pretty empty, with only these two left

    wp-content
    wp-config.php


    Check the files and folders for random / odd looking code.

    In wp-content folder. You should see:

    plugins
    themes
    uploads
    index.php


    Delete and upload a fresh copy of your plugins.

    Remove any themes you aren’t currently using.

    Be careful that you don’t permanently remove any parent themes used by children themes.

  4. Upload WordPress

    Upload everything in the fresh WordPress download except for wp-content (this is the file you downloaded in step 1)

    I repeat: DO NOT replace / overwrite the wp-content folder. I normally delete from my computer so I don’t accidentally upload it to the server.

  5. Change Passwords + remove unrecognized users.

    Change the passwords for your users. Removing any users you do not recognize.

Isaac Adams-Hands

Full Stack Developer, Digital Marketer, and InfoSec enthusiast. He received his Bachelor’s Degree from the University of Western Sydney and his Business Diploma from Georgian College before joining various marketing positions in search portals, e-commerce, higher education, and addiction recovery services.

Follow @ twitter

Related posts

Adding the_excerpt in WP

How to add auto excerpts to a WP Theme: For this example, I’m using the WP Bootstrap Starter theme (remember to create a Child theme, or you will lose any edits after you update). You need to locate content.php file, it should be under the template-parts folder: Find the code: Approx. line 33. Replace with:… Read More

Dynamic Page Listings in #WP

Here is how-to dynamically list all children pages associated under a parent page in WordPress. This allows you to change and update pages without updating a sidebar widget/page, and removes the need to create numerous distinct sidebars/sections. To enable this code, add it to your WordPress themes functions.php file, then add the shortcode to the… Read More