Cleaning up malware/virus from WordPress sites

Engaging an expert is always recommended to clean up WordPress sites. Cleaning up is not entirely complicated, however requires some patience in order to complete the process.
If you must perform the clean up manually, you may refer to the steps below.

1. Record down the theme and plugins in use on the website.
2. Download clean copy of WordPress core files, themes and plugins from official WordPress repository or official marketplace (for premium/paid themes and plugins).
3. Backup your web files and database before performing the clean up.
4. Delete all files in the web root folder except wp-content, wp-config.php and .htaccess.
5. Inspect wp-content folder, wp-config.php and .htaccess file to ensure there is no suspicious code in the files.
6. Delete all files in wp-content/themes.
7. Delete all files in wp-content/plugins.
8. Upload clean copy of WordPress core, themes and plugins to your web server.
9. Change all passwords (including WordPress admin, FTP, control panel and database) to a new, strong password. Do not use back old password for security purpose.
10. Update new database password in wp-config.php.
11. Replace secret key in wp-config.php to force active users to log off from active session.
12. Upgrade WordPress core, plugins and themes to the latest version.
13. Re-scan the website once it is cleaned and patched to the latest version.

  • 7 Users Found This Useful
Was this answer helpful?

Related Articles

cPanel: Disable WP-Cron

WordPress uses a built-in scheduling system called wp-cron to handle time-sensitive tasks like...

Configuration for WP Mail SMTP Plugin

Sending mail through scripts will require SMTP authentication. In order to be able to send mails...

Change and hide WordPress admin URL

There will always be brute force attack on your WordPress site no matter how strong or reliable...

Install WordPress using Softaculous

Softaculous is available in cPanel and DirectAdmin control panel.Please follow the steps below to...

Remove /wp directory from WordPress installation

For a fresh WordPress installation, you may always delete the existing installation and reinstall...