Due to its widespread use, WordPress has become a frequent target for cyberattacks. In fact, 70% of the 40,000 WordPress websites listed in Alexa’s Top One Million are susceptible to hacking attempts.
Common indicators of a hacked site include defaced web pages, links to malicious websites, Google blocklist warnings, and white screens of death. If you encounter any of these issues on your WordPress site, it’s likely been compromised or infected with malware.
Once you identify that your WordPress website has been hacked, it’s crucial to act swiftly to recover it. In this guide, we’ll demonstrate how to manually remove malware from a compromised website.
While it is possible to recover a hacked WordPress site, the process demands a solid understanding of website maintenance and hosting.
If you find the following tutorial too difficult, consider using a WordPress malware removal plugin or hiring a specialist to help with the task.
Contents
1. Prepare for WordPress Malware Removal
First and foremost, remember that you can fix your hacked WordPress site. It might take some time and effort, but you can recover from this incident. Staying calm and following the appropriate recovery steps is crucial.
Before removing malware from your WordPress site, take these preparatory steps to ensure the safety of your data:
Step 1: Restrict Access to the Website
If your WordPress site is redirecting visitors to shady, unsecured websites, it’s likely been hacked. An infected site can lead visitors to dangerous sites and compromise their personal details.
To prevent the further spread of hidden malware, restrict access to your WordPress site. You can do this by editing the .htaccess file through your hosting control panel’s File Manager or an FTP client like FileZilla. In this tutorial, we’ll use Hostinger’s File Manager on hPanel.
Step 2: Check Available Backups
For those who have maintained regular backups, this step should be straightforward. If restoring your WordPress site using the most recent backup is not an option due to the infection, an older backup can serve as your fallback, allowing you to recover pre-hack data and expedite the recovery process.
If you don’t have your own backups, contact your web host to see if they have a backup of your website files. Many hosting providers, such as Hostinger, offer daily and weekly backups as part of their shared hosting plans.
Step 3: Update All Passwords and Access Keys
Hackers often use malware to perform brute force attacks, attempting to crack the login credentials of administrator accounts. Changing all your passwords can help thwart these attempts and reduce the risk of further security breaches on your WordPress site.
Ensure you use strong, unique passwords and avoid reusing them across multiple accounts. Online tools like Secure Password Generator and Random Password Generator can help you create unpredictable, secure passwords with a mix of letters, numbers, and special characters.
The following are some of the accounts that need a password reset at the soonest opportunity:
- Hosting account ‒ most hosting providers, including Hostinger, put the password change feature on the account information page.
- FTP accounts ‒ having your FTP accounts compromised will allow hackers to launch FTP bounce attacks. Minimize this risk by changing the password of both your primary and secondary accounts.
- SSH accounts ‒ change your account passwords and setup SSH keys to prevent hackers from accessing your website data.
- WP-Admin credentials ‒ change your admin password and the login credentials of other WordPress user accounts that have access to your site’s backend.
- WP Salts ‒ changing your WordPress Salt keys will help keep your login details hashed, strengthening your WordPress account against brute force attacks.
Step 5: Update WordPress and Associated Components
Keeping your WordPress installation and associated components updated is crucial for maintaining the security of your website. Outdated software can expose vulnerabilities that hackers may exploit to compromise your site.
Here’s what you need to do to ensure everything is up to date:
- WordPress Version: Update your WordPress installation to the latest version. You can do this directly from the Updates tab in your WordPress admin dashboard. Hostinger users can perform this update through the hPanel dashboard.
- Themes and Plugins: Regularly check for updates to your themes and plugins. Outdated plugins and themes can be potential entry points for attackers. Remove any unused themes and plugins to reduce the risk of security breaches.
- PHP Version: Ensure that your PHP version is up to date. Hostinger users can update their PHP version using the PHP Configuration menu within the Advanced section of the hPanel dashboard. Keeping PHP updated helps maintain compatibility and security for your WordPress site.
2. WordPress Security: Protecting Your Website Against Malware
WordPress, being one of the most widely-used website platforms, is a prime target for cyberattacks. Shockingly, 70% of the 40,000 WordPress websites listed in Alexa’s Top One Million are vulnerable to hacking attempts.
Common signs of a hacked WordPress site include defaced web pages, redirects to malicious websites, Google blocklist warnings, and white screens of death. If you notice any of these signs on your WordPress site, it’s likely compromised or infected with malware.
In this comprehensive guide, we’ll walk you through the process of removing malware from a hacked WordPress website, covering both manual and automatic removal methods.
How to Remove Malware Manually from WordPress Site
- Prepare for WordPress Malware Removal
- Reinstall WordPress Core Files
- Compare Infected vs Clean WordPress Installation
- Clear Out PHP Files from Uploads
- Look For Backdoors Within Your Files
- Inspect the SQL Database File
- Review the Code for Each Page and Post
- Remove Your Website from URL Blocklists
While recovering a hacked WordPress site is feasible, it demands a fair level of technical expertise in website maintenance and hosting. If the manual removal process seems daunting, consider utilizing WordPress malware removal plugins or hiring a specialist.
3. Analyze Infected vs. Clean WordPress Installation
Now that you have both infected and clean WordPress files, organize them into separate folders and compare their contents using your FTP client. Utilize FileZilla’s Directory Comparison feature to expedite the process. For larger files, consider employing Beyond Compare for a more efficient comparison.
Focus your attention on JavaScript and PHP files, as they are common targets for malware infiltration. Subsequently, upload the clean WordPress files to your website as necessary and regularly monitor its functionality.
Alternatively, leverage the diff command in SSH to conduct a detailed comparison between the infected and clean folders:
diff -r wordpress-clean/ wordpress-infected/ -x wp-content
4. Eliminate Suspicious PHP Files from Uploads
As malicious PHP files could be the root cause of your compromised site, purging PHP files from your Uploads directory is a crucial step in the WordPress website restoration process.
You can manually accomplish this task through an FTP client by navigating to the Uploads folder within the wp-content directory. Most FTP clients, such as FileZilla, provide a filter function to simplify this process. Alternatively, you can utilize the find command in SSH:
bashCopier le codefind . -name "*.php"
5. Identify and Remove Potential Backdoors
Hackers often implant backdoors into files to create security vulnerabilities within your WordPress site. Therefore, it’s imperative to eradicate any compromised files that may harbor them.
Backdoors typically resemble WordPress core files and are commonly found within wp-config.php, as well as files within plugins, themes, and uploads directories.
To detect possible backdoors, scrutinize your files for the presence of these PHP functions:
- base64
- exec
- move_uploaded_file
- str_rot13
- gzuncompress
- eval
- stripslashes
- system
- assert
- preg_replace (especially with the ‘/e/’ modifier)
6. Scrutinize the SQL Database
Even your database isn’t impervious to malware injections. Once you’ve ensured the cleanliness of your WordPress core and content files, it’s time to delve into your database.
Begin by exporting your MySQL database as an .sql backup file via phpMyAdmin. Utilizing a text editor like Sublime, meticulously inspect the file for any malicious content. Avoid deleting suspicious entries from your database backup file; instead, make note of their locations and proceed to the next step.
7. Validate Code Across Pages and Posts
During this phase, meticulously examine your posts, pages, and comment sections for any malevolent entries. Scrutinize their revision history to uncover any suspicious activity.
Focus particularly on areas where you detected dubious entries in Step 6. Utilize a text editor to eradicate all malevolent code and, if necessary, reformat the content.
Additionally, take the opportunity to eliminate any spam messages discovered during the cleanup process.
8. Delist Your Website from URL Blocklists
At this juncture, your WordPress site should be devoid of malicious code. Your final task is to remove your website’s URL from Google’s blacklist.
Navigate to Google Search Console from your admin dashboard, then access the Security & Manual Actions -> Security issues tab. Choose “I have fixed these issues” -> “Request a review” to prompt Google to evaluate and re-index your WordPress site.
Remember, Google may take a few days to process the request for removal from the blocklist.
Automated Removal of WordPress Malware
Hostinger offers an advanced security feature through its integrated Malware Scanner in the hPanel dashboard. This tool provides an automated process to scan websites for suspicious files, promptly addressing any malware threats detected. Additionally, it offers a convenient malware indicator on the hosting dashboard, providing users with a quick overview of their website’s security status.
Step 1: Accessing the Malware Scanner Begin by navigating to the Security → Malware Scanner menu on the left sidebar of your hosting dashboard. Here, you’ll find a summary of the latest scan results, including details on the number of malware files detected, removed, and cleaned.
Step 2: Exploring Malware Removal Services While automated tools like Malware Scanner offer robust protection, sometimes professional assistance is necessary, especially for complex malware infections. Various WordPress security plugins and services specialize in malware removal and website protection.
Step 3: Hiring a WordPress Security Expert When considering professional help, it’s crucial to hire a reputable WordPress security specialist. Platforms like Upwork, Fiverr, and Codeable host numerous experts available for hire. When selecting a specialist, ensure to review their portfolio, client feedback, and work ethic to find the best fit for your needs.
Conclusion:
Protecting your WordPress website from malware is essential for maintaining its integrity and safeguarding your brand’s reputation. Whether utilizing automated security measures like Malware Scanner or seeking professional assistance, taking proactive steps to address malware threats is vital. By promptly addressing any security issues, you can mitigate potential damage and ensure the continued success of your website.
👉🏼 Explore Related Resources :
