10 Steps to fix malware infected WordPress

Step 1: Backup all your database and files

Use the web host’s site snapshot feature to back up the whole site. As the site will be large, downloading will take time.

You can also try a WordPress backup plugin if you can log in. If you can’t, it means your database has been compromised.

Here comes the MalCare plugin from BlogVault, an affordable and quick way to fix malware infected WordPress. It is available in both free and paid versions (the paid version costs $99/year). Now make an additional backup of the database using the MalCare plugin.

If you can log in, go to Tools > Export and export an XML file of your whole content.

Also, if you have multiple WordPress installs on the server, you’ll have to back up each one.

Note: Don’t forget to back up your .htaccess file and download it. You can locate this invisible file in the file manager of the web host. You need this backup data to copy back onto your clean site. Sometimes the .htaccess file is also hacked, so make sure to examine it before reusing it.

Step 2: Download and scan backup files

Once the file backup is done, download it, open the zip file, and check the following files.

WordPress Core files: Download WordPress from WordPress.org and match the downloaded files against the core files in your backup. You need these files later to examine the hack.

wp-config.php file: The most important file, as it includes the name, username, and password of your WordPress database, which will be used for the restore process.

.htaccess file: Use an FTP program (e.g. FileZilla) to view the backup folder and this invisible file.

wp-content folder: In this folder, you will find three folders: uploads, themes, and plugins. The uploads folder holds your uploaded images. If all of these are present, you have a good backup of your site.

The database: For emergencies, you should keep an SQL file of your database export.
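One way to do the core-file match described above, as an added example that is not part of the original article: it hashes every file in the extracted backup and in a fresh WordPress download and lists the differences. It assumes both directories are already extracted and that the fresh download is the same WordPress version as the backup; the function names and skip list are illustrative.

```python
import hashlib
from pathlib import Path

# Site-specific paths the fresh download cannot vouch for (checked separately).
SKIP_FILES = {"wp-config.php", ".htaccess"}
SKIP_DIR = "wp-content/"

def sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def file_map(root):
    """Map each relative path under root to its SHA-256 digest."""
    root = Path(root)
    files = (p for p in root.rglob("*") if p.is_file())
    return {p.relative_to(root).as_posix(): sha256(p) for p in files}

def skipped(rel):
    return rel in SKIP_FILES or rel.startswith(SKIP_DIR)

def compare_core(backup_dir, clean_dir):
    """Compare backed-up core files with a clean copy of the same version."""
    backup, clean = file_map(backup_dir), file_map(clean_dir)
    report = {"modified": [], "unexpected": [], "missing": []}
    for rel, digest in sorted(backup.items()):
        if skipped(rel):
            continue
        if rel not in clean:
            report["unexpected"].append(rel)  # not shipped by WordPress
        elif clean[rel] != digest:
            report["modified"].append(rel)    # core file was altered
    report["missing"] = sorted(
        rel for rel in clean if rel not in backup and not skipped(rel))
    return report

if __name__ == "__main__":
    import sys
    for kind, paths in compare_core(sys.argv[1], sys.argv[2]).items():
        for rel in paths:
            print(f"{kind:10} {rel}")
```

Files reported as modified or unexpected are the ones to examine when investigating the hack; wp-content is skipped here because plugins, themes, and uploads are handled in later steps.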

Step 3: Delete every file in the public_html folder

Once you have confirmed that your backup is complete, delete all the files in the public_html folder using the web host’s file manager. Leave the cgi-bin folder and other server-related folders that are free of hacked files.

Use the file manager rather than FTP to delete the files, as it is much faster. If you are comfortable with SSH, that will also work. Don’t forget to delete compromised invisible files.

Note: If you are running multiple websites on the same account, follow the same steps for every site. Cross-infection is possible, so back them all up, download them, and clean them.

Step 4: Reinstall WordPress 

Now it’s time to reinstall WordPress. If it was originally installed in the public_html directory, then reinstall WordPress in the same location. If it was in the subdirectory, then install it in an add-on domain. Using your backup as a reference, edit the wp-config.php file of the newly installed WordPress. This connects the old database to the newly installed WordPress.

Note: Do not re-upload the previous wp-config.php file, as the new one will be free of any hacked code. Also, the new installation will have new login encryptions.

Step 5: Reset usernames and passwords

Log in to your new site and reset every username and password. If you find any unrecognized users, your database has been compromised. In this case, you need to contact a professional to remove any unwanted code left in your database.

Step 6: Reinstall plugins

Now you can reinstall all of the plugins from the WordPress repository or from the premium plugin developer. Make sure you don’t install the previous plugins from your backup.

Step 7: Reinstall Themes

Next, install themes from new downloads. If you had customized the theme files, refer to your backup files and replicate the changes in the new copy.

Note: Do not use the previous theme, as it will be difficult to recognize hacked files.

Step 8: Scan and upload images from backup

Here comes the tricky step: you need to upload your images from the backup files, but you must be careful not to copy any hacked files into the new WordPress content. For this reason, follow these steps:

Examine every year/month folder in the uploads backup.

Open each folder and ensure there are only images inside, and no PHP or JavaScript files or anything other than what you uploaded to your media library.

Once you have confirmed that your images are clean, you can upload them to the server using FTP.
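The folder-by-folder check above can be automated; the following is an added example, not part of the original article. It walks the extracted uploads folder and flags every file that is not an allowed image type, whose leading bytes do not match its extension, or that carries a PHP or script tag inside image data. The extension allowlist and function name are assumptions, so legitimate non-image uploads (PDFs, for instance) will be flagged for manual review.

```python
from pathlib import Path

# Leading bytes of the image types a media library normally holds
# (assumed allowlist; extend it to match what you actually uploaded).
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".webp": (b"RIFF",),
}
SCRIPT_MARKERS = (b"<?php", b"<script")

def audit_uploads(root):
    """Return (relative path, reason) for every file that should not be restored."""
    root = Path(root)
    findings = []
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        ext = p.suffix.lower()
        data = p.read_bytes()
        if ext not in MAGIC:
            # Covers .php, .js, stray .htaccess files and anything unexpected.
            findings.append((rel, "not an allowed image extension"))
        elif not data.startswith(MAGIC[ext]):
            # A script renamed to look like an image fails this check.
            findings.append((rel, "content does not match extension"))
        elif any(marker in data.lower() for marker in SCRIPT_MARKERS):
            # A valid image header followed by appended code.
            findings.append((rel, "script marker inside image data"))
    return findings

if __name__ == "__main__":
    import sys
    for rel, reason in audit_uploads(sys.argv[1]):
        print(f"{reason}: {rel}")
```

Upload only the files that produce no finding, and review the flagged ones by hand before deciding whether they belong to your media library.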

Step 9: Scan your system

Scan your system for trojans, viruses, and malware.

Step 10: Install and activate security plugins

When you are done with every step mentioned above, it’s time to protect your server for the future. To do that, follow these steps:

Install the Shield WordPress Security plugin by iControlWP and activate it. Go through all its settings and run the audit feature for some months to track every activity on the site.

Run Brute-Force Firewall and Anti-malware and scan your site thoroughly. Confirm everything is covered by using Sucuri’s SiteCheck.

Once you have verified that the site is clean, deactivate the Anti-Malware plugin, as you don’t need two firewall plugins at the same time. Shield will inform you if there is any change in the core files.

Bottomline

The whole process of fixing malware infected WordPress is a long and treacherous journey, and users have to be careful and patient throughout. The infection may seem gone, but recovery is still complicated. Users have to identify certain patterns which are in use as malicious code. And sometimes, even after following the above-mentioned steps, users may need to seek professional help. Hopefully, now you know how to fix malware infected WordPress. Share your experience in the comment section.
