How To Remove WordPress Malware from your Site?

Practically anyone can use this step-by-step guide to remove WordPress malware.

However, you need to be prepared to get your hands dirty, and you should be comfortable with FTP and File Manager. If this is not your cup of tea, you may want to try to fix your hacked WordPress with plugins.

All right, let’s start.

Step 1: Scan Your computer

Malware can infect your WordPress in different ways, including through a virus on your computer that leaks your FTP password. In fact, this is quite common. So first of all, make sure your computer is free of viruses. We recommend scanning with at least Malwarebytes, plus another antivirus such as AVG or Kaspersky to be doubly sure.

Step 2: Change your cPanel / FTP password

Now that your computer is free of viruses, change your cPanel and FTP passwords. Make sure each one is random, with at least 1 special character like ! # < &, a mix of lower- and upper-case letters, plus numbers. Y^jsd7#jBse is a good example.

Step 3: Download WordPress

Download the latest fresh WordPress package from the official site.

Step 4: Extract files

Extract the zip or tar.gz file you just downloaded on your computer. Leave the files for now. We’ll return to them later.

Step 5: Delete Malware Infection

Log in to your FTP or cPanel > File Manager.

Your WordPress installation files should look like this on your web host:

wp-admin
wp-content
wp-includes
index.php
license.txt
readme.html
wp-activate.php
wp-blog-header.php
wp-comments-post.php
wp-config.php
wp-config-sample.php
wp-cron.php
wp-links-opml.php
wp-load.php
wp-login.php
wp-mail.php
wp-settings.php
wp-signup.php
wp-trackback.php
xmlrpc.php

Delete everything you see except the wp-content folder and the wp-config.php file. Your installation should now look like this:

wp-content
wp-config.php

Open the wp-config.php file for editing in your cPanel > File Manager. Make sure it contains no strange or unusual code. If there is malware in this file, it generally looks like a long string of random text. You can compare it with the wp-config-sample.php file to be sure.

Now open the wp-content folder. It should look like this:

plugins
themes
uploads
index.php

Make a list of the plugins you are using, then delete the plugins folder and the index.php file. After the cleaning process, you will need to reinstall your plugins.

Go to the themes folder and delete any theme you don’t use. Then examine each file in your current theme individually to make sure there is no malware or strange code in it. If you have a clean backup of your theme somewhere (such as on your computer), you should simply delete the whole theme folder to be safe.

Check every directory in the uploads folder to make sure it contains no PHP files or anything else you did not upload.
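The manual checks in this step (PHP files under uploads, long random strings in wp-config.php and theme files) can be scripted against a copy of the site downloaded over FTP. This is an added example, not part of the original guide; the function names, the 200-character threshold and the extension list are assumptions.

```python
import os
import re
import sys
import tempfile

# Assumption: an unbroken run of 200+ base64-like characters is a "long random text string".
BLOB = re.compile(r"[A-Za-z0-9+/=]{200,}")
# Assumed list of extensions a host may execute as PHP; adjust to your server.
PHP_EXT = (".php", ".phtml", ".php5", ".php7", ".phar")


def scan_site(root):
    """Return sorted (relative_path, reason) findings for a downloaded WordPress copy."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if not name.lower().endswith(PHP_EXT):
                continue
            # The uploads folder should hold media only, never PHP.
            if rel.startswith("wp-content/uploads/"):
                findings.append((rel, "PHP file in uploads"))
            # Flag long encoded strings in wp-config.php, theme files, etc.
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    if BLOB.search(line):
                        findings.append((rel, f"long encoded string, line {lineno}"))
    return sorted(findings)


def build_sample(root):
    """Write a small constructed site tree (sample data, not real malware)."""
    files = {
        "wp-config.php": "<?php\ndefine('DB_NAME', 'wp');\n",
        "wp-content/themes/mytheme/functions.php": "<?php\n$x = '" + "QUJD" * 60 + "';\n",
        "wp-content/uploads/2020/01/photo.jpg": "not really a jpeg",
        "wp-content/uploads/2020/01/cache.php": "<?php echo 1;\n",
    }
    for rel, body in files.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample(tempfile.mkdtemp())
    for rel, reason in scan_site(target):
        print(f"{rel}: {reason}")
```

Pass the path of your downloaded copy as the first argument; with no argument it scans the constructed sample tree. A finding is a prompt to open the file and inspect it, not proof of infection.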

Step 6: Re-upload WordPress

You can now upload the fresh WordPress files you extracted earlier in Step 4 via FTP.

If you deleted your theme, you should also re-upload your clean theme backup files.

Step 7: Change WordPress Administration Password and Re-install Plugins

You should now log in to your dashboard and change its administrative password. Always devise a random password. Don’t be tempted to use something basic like kitten44 or tomcruise (actual passwords some people use). You’re going to get hacked that way.

If you don’t want a random password like Gsdi6!33&W, choose an uncommon phrase of three or more words such as AragornLuvsArwen<3. A strong password has unusual words, a minimum of 1 number, 1 special character and a mixture of upper- and lower-case characters.

Step 8: Remove Google Warning

Now that your website is malware-free, you can ask Google to remove the “This website can harm your computer” warning. Log in to or create a Google Webmaster Tools account, add your website, click Health and then click Malware. Finally, ask for a review.
