How To Remove Malware From WordPress Website

How To Remove Malware From WordPress Website

A good number of people use WordPress websites on a daily basis for blogging or simply to read blogger’s posts. This makes it very easy for them to get malware infections into their computers if the sites are infected. Removing malware from WordPress is very important if you have a blog. This is because it protects your PC and other devices you use to access the blog from malware. Apart from this, it protects all your users from malware that might be on your site.


Most people are not aware of how to go about removing malware from their WordPress websites.This is understandable because most people who use these websites do not have a lot of experience in removing malware since anyone has access to WordPress websites.

When malware infects your WordPress website, it is not enough to contact Google or host provider. This is because hey only send cookie cutter lists which you are supposed to figure out on your own in order to remove malware successfully. This does not always work for most people due to lack of experience. In fact, most people end up deleting their websites instead of solving the problem. Below are some steps you should follow to remove malware from WordPress website successfully.

malware_alert                                                                        Photo: sitelock

How To Remove Malware From WordPress Website

1. Computer Scan

The first thing you need to ensure you do is to scan the whole computer. This is because one of the ways your WordPress websites can get infected is from computer viruses which create an access to the FTP password. For this reason, scanning of the computer is very important in order to get rid of any viruses that might be in your computer. Malware Bytes is highly recommended for computer scanning. You can also combine this with a scan using powerful anti-viruses such as Kaspersky and AVG. To run a scan in order to check for malware, first and foremost, you will need to open your anti-virus. Once this is done, locate the scan option and click on it. Make sure to choose the scan whole computer in order to ensure the entire computer is scanned for malware. The computer will scan and once it is done, it will notify you of malware and the infected files.

2. Change FTP Password

The next thing you need to do is ensure you have changed the FTP password. As mentioned earlier, malware can create access to the FTP password causing malware transfer to the WordPress website. For this reason, it is very important to change the FTP password as soon as you are done scanning the computer. Make the password less obvious and difficult to guess. A great way to create the FTP password is to use a combination of characters such as !&*, lower case and upper case letters. You however need to make sure the password is easy to remember in case you need it. It is advisable to write it down if it is too difficult to remember.

3. WordPress Download

The third step is for you to download the WordPress. This is supposed to be done on WordPress official website.

4. File Extraction

Once you have successfully downloaded WordPress, the next thing you will need to do is file extraction. The files are extracted from the zip. After extraction, do not do anything with these files; leave them as they are since they are meant to be used at a later stage.

5. Malware Removal

The initial step in removing malware is to log in to the FTP.Your WordPress installation files on your web host should look like this:


Here, you will see all the installation files of WordPress.They should be numerous files arranged horizontally. The next step requires you to be very careful and attentive since it involves removal of certain files. In the file removal step, you are supposed to remove every file you can see but leave two files. The files you are supposed to leave behind are: wp-config.php file and wp-content . Next, open wp-content and list all the plugins that you are using currently. After you have listed the plugins, look for a plugins folder and index.php file and delete them. The listed plugins are meant to be installed once the cleaning process has been completed. The next thing you will need to do is go to themes and check all the themes. If there is a theme you are not using or any suspicious file, delete them. Next, go to the uploads file and ensure no php files exist and that everything on this folder was uploaded by you.

6. WordPress Re-Uploading

This is the step in which you will make use of the files that you extracted from the freshly downloaded WordPress. The files are meant to be uploaded and this is done through FTP. If there are any themes you deleted and would like to re-upload from the theme backup, it is at this step where you get to do this.

7. Website Password Change and Plugins Re-installation

At this stage, you are supposed to be able to access the website dashboard and make changes to the password. When it comes to choosing a password, it is very important to come up with a password that is difficult to guess in order to make it difficult for hackers to gain access to your website. An example of a weak password would be kitty12. This is a password that is used by many of the WordPress users but in different variations and is very easy to crack. You need passwords that incorporate characters like?!<>. Lowercase and uppercase letters should also be included. This will not be easy to guess and will protect your content from hackers and unauthorized access. Once the password has been changed, you can re-install all your plugins in order to enable the website to run as expected.

8.External Malware Scan 

There are some effective online malware scanning solution , “Sucuri SiteCheck ”  scanner will scan your website for common issues free of charge.
Sucuri SiteCheck  will scan your website for malware, defacements, and spam injections.

9. Google Warning Removal

When your WordPress website is infected with malware, Google will send you warnings that the website may cause harm to your computer. Since you have already removed the malware, you need to send the new website to Google in order to enable them to remove the warnings from your website.

In conclusion, it is advisable to follow these steps if you have a WordPress website that is infected with malware. It is easy to follow through and understand and will enable you to solve the issue. If you do not understand the process however, it is very advisable to talk to a friend or expert who has skills in removing malware from WordPress in order to avoid causing even greater damage to your website.

6 thoughts on “How To Remove Malware From WordPress Website

  1. All of this information is necessary to know to secure my wordpress site from malware. Thanks for sharing all valuable info. Hope you will continue your job!

  2. This was a great article that was very helpful in helping me remove the malware from my WordPress website. I really appreciate the time you took to share this information. I was able to clean my site in just a few hours thanks to your tutorial.

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.