How to Remove Malware Manually from WordPress

By Anurag Singh

Updated on Jul 12, 2024

In this blog post, we'll explain how to remove malware manually from WordPress CMS. The process involves several critical steps and requires attention to detail and some familiarity with WordPress, FTP, and basic web security practices. Here's a step-by-step guide to help you through the process.

Step 1: Backup Your Site

Before you start, create a full backup of your WordPress site, including both files and the database. This ensures you can restore your site if anything goes wrong during the cleanup process.

Step 2: Identify the Malware

2.1 Scan Your Site

Install a security plugin such as Wordfence Security, Sucuri Security, or MalCare Security. After activating the plugin, run a full scan to identify infected files and suspicious activities. Note the paths and names of the infected files for further inspection.

2.2 Check for Unusual Files and Code

Access your WordPress files using FTP or a file manager provided by your hosting provider. Carefully inspect the core WordPress files, themes, and plugins. Look for:

  • Unfamiliar PHP files.
  • Recently modified files that you didn't change.
  • Unusual code in critical files like wp-config.php, .htaccess, and index.php.

Step 3: Remove the Malware

3.1 Clean Infected Files Manually

Open the infected files identified during the scan. Carefully examine and remove any malicious code. Be cautious not to delete legitimate code. If unsure, refer to the original files from a fresh WordPress download for comparison.
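
The checks from steps 2.2 and 3.1, as an added example that is not part of the original post: a Python script that compares a copy of the live site against a fresh WordPress download and lists modified core files, unfamiliar files, and script files in the uploads folder. It assumes the download is the same WordPress version as the site; the function names, the extension list, and the sample trees are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

CORE_DIRS = ("wp-admin", "wp-includes")    # shipped entirely by WordPress core
SCRIPT_EXT = {".php", ".phtml", ".phar"}   # assumption: extensions treated as scripts

def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def files(root):
    """Map relative POSIX path -> Path for every file under root."""
    return {p.relative_to(root).as_posix(): p for p in root.rglob("*") if p.is_file()}

def audit(site_root, clean_root):
    site, clean = Path(site_root), Path(clean_root)
    # wp-content holds your own themes, plugins and uploads, so it is not compared.
    ref = {r: p for r, p in files(clean).items() if not r.startswith("wp-content/")}
    live = files(site)
    modified = [r for r, p in ref.items() if r in live and digest(live[r]) != digest(p)]
    # Unfamiliar files: anything in a core directory, or any top-level PHP file,
    # that the clean download does not contain (wp-config.php is expected).
    unknown = [r for r in live if r not in ref and r != "wp-config.php"
               and (r.split("/")[0] in CORE_DIRS or ("/" not in r and r.endswith(".php")))]
    # Uploads should hold media only; script files there need a close look.
    in_uploads = [r for r, p in live.items()
                  if r.startswith("wp-content/uploads/") and p.suffix.lower() in SCRIPT_EXT]
    return {"modified": sorted(modified), "unknown": sorted(unknown),
            "scripts_in_uploads": sorted(in_uploads)}

def build_demo(base):
    """Constructed sample trees: a clean download and a tampered copy of it."""
    clean, site = Path(base, "clean"), Path(base, "site")
    core = {"index.php": "<?php require 'wp-blog-header.php';",
            "wp-includes/version.php": "<?php $wp_version = 'X.Y';"}
    tampered = {**core, "index.php": "<?php /* added */ require 'wp-blog-header.php';",
                "wp-config.php": "<?php // site configuration",
                "wp-includes/constructed-extra.php": "<?php // not in core",
                "wp-content/uploads/2024/logo.php": "<?php // script among media"}
    for root, tree in ((clean, core), (site, tampered)):
        for rel, body in tree.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(body)
    return site, clean

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(*build_demo(tmp)))
```

Treat the output as a list of files to inspect by hand as described in 3.1. A version mismatch between the two trees will show up as a large number of modified files.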

3.2 Replace Core WordPress Files

Download the latest version of WordPress from wordpress.org. Extract the downloaded files and upload the wp-admin and wp-includes directories to your site via FTP, replacing the existing ones. Avoid overwriting the wp-content directory to preserve your themes, plugins, and uploads.

3.3 Clean the Database

Access your database using phpMyAdmin or a similar tool. Search for suspicious content in tables such as wp_options, wp_posts, and wp_users. Look for unusual data, especially in the option_value field of the wp_options table, and delete any malicious entries.

Step 4: Secure Your Site

4.1 Update WordPress, Themes, and Plugins

Ensure that your WordPress installation, themes, and plugins are all up-to-date. Outdated software is more vulnerable to attacks. Also, remove any unused themes and plugins to reduce potential entry points for malware.

4.2 Change Passwords

Change passwords for all WordPress admin accounts, FTP accounts, and the database. Use strong, unique passwords for each account to enhance security.

4.3 Harden WordPress

To further secure your site, consider the following actions:

  • Disable File Editing: Add define('DISALLOW_FILE_EDIT', true); to your wp-config.php file to prevent editing files through the WordPress dashboard.
  • Limit Login Attempts: Install a plugin to limit login attempts and prevent brute force attacks.

Step 5: Monitor and Maintain

5.1 Continuous Scanning

Keep a security plugin active on your site to continuously scan for malware and vulnerabilities. Set up alerts for any suspicious activity.

5.2 Regular Maintenance

Regularly check for updates to WordPress, themes, and plugins. Periodically review your site's files and database for any unusual changes or activities.

If you require further assistance, feel free to contact us.

Conclusion

Manually removing malware from your WordPress CMS requires a thorough approach and attention to detail. By following these steps, you can identify and eliminate malware, then secure your site to prevent future attacks. Regular maintenance and monitoring are crucial to keep your WordPress site safe and secure.