How to Remove Malware from a WordPress Site
June 17, 2020 | By Admin
Knowing about the removal of malware from a WordPress site is an amazing skill that every site owner should learn. Malware is a type of malicious software that contains harmful files and programs, which can cause damage to your system, website, networks, and servers.
In this article, you will know how to remove malware from your WordPress site.
How can Malware affect your website?
As we all know, WordPress is secure and well maintained, but still, multiple vulnerabilities can compromise your website and visitors to several malware threats. So, paying attention to your website security should be your top priority.
Some of the risks imposed by malware are:
- An unexpected spike in server resource consumption.
- Negative impact on SEO.
- URL is getting redirected to some malicious website.
- Spam content in the form of links or suspicious emails.
- Compromised confidential data, like customer’s personal information.
- Unwanted modifications to your website or content.
So, keeping your website’s security up to date and knowing how to remove it can protect your WordPress site from such threats.
How to remove malware manually from your WordPress site?
WordPress malware removal is not an easy process; you always have to ensure that it is removed permanently from your WordPress site. The manual procedure might take some time and require additional technical knowledge, but it can provide insight into the attack.
If you are trying to use a simple method to remove the malware, you must try a security plug-in instead.
Backup your WordPress site
You must always back up your website before making some certain changes to its core files. There are two different ways to perform this, depending on whether you are locked out of your website or not.
If you are not able to login to your site, you must save a copy of your website through an FTP or hosting file manager.
For FTP – Open the website manager, and click on Connect. Then download the “public_html” file on your system. You need an FTP client to perform this.
File Manager – Right-click on the “public_html” and click on Compress. Then, save the file on your computer by right-clicking on it and select download.
If you still have access to your WordPress site, you can use some plugins to save your time. Also, you must always store a backup of your website locally as well.
Run a Malware Scan on your system
You can use a malware scanner or anti-virus software to fix and diagnose issues in your website’s files. Once the scan is successful and helps you locate and eliminate the problems, you should change your FTP password and re-upload the website files.
Download a new WordPress Copy to Install
You can download a new WordPress and re-upload the files to your site using the file manager or FTP.
Open the File Manager, click on Upload Files and find the WordPress compressed file. Once the uploading is done, right-click on the file to extract and then enter the save destination. You must copy every file, leaving the compressed file to public_html.
Reset the WordPress Password
If several users are operating your website, then the attack might happen in one of their accounts. It is highly recommended that you reset every user’s account password, log out from each account, locate any suspicious or inactive user account, and remove them.
Change your website password into tough combinations, so that it can’t be easily breached. You can also use a random password generator to make a complicated password.
Re-install Themes and Plug-ins
Once you have removed the malware from your WordPress site, you should re-install the removed themes and plugins that you previously installed. Make sure to leave out those plugins that are no longer maintained and are outdated.
Also, you must install some effective security plugins to protect your website from such attacks and easily remove them.
Remove Warning Label on the Google SERP
Once your WordPress site is free from malware, there would still be a warning label from Google SERP. It would help if you asked them to remove it.
Step 1: Open the Google Search Console and register your WordPress site. If you already have an account, then skip to the third step.
Step 2: Verify the site using the URL or Domain prefix.
Step 3: Locate the “Security and Manual Actions” option. Click on it and select “Security Issues.”
Step 4: It will show you your website’s security report, in that tab; you must select “Request a review.”
Always make sure that the malware is successfully removed from your website before making a review request. Otherwise, it would be considered as “Repeat Offender,” and you will not be able to make a request for another 30 days.
Malware could be a major threat that can remove all your trust and credibility from your website while also affecting you and others. So, read the article carefully and know how to remove malware from your WordPress site.