5 Experts Secrets to remove malware from WordPress – 2021


Last Updated on August 31, 2021 by Sarwar

Recently a few months ago, My 7 websites got infected from a malware script code. I was literally knowing nothing about that script and It was just redirecting my users to an adult page, Which was really disturbing. Later on, after researching I got 5 extraordinary methods that really helped me to remove malware from wordpress sites and recover it.

Before starting with the main topic, Let’s discuss some prevention techniques and basics to avoid your losses.

What are malware script injections? How does it occur?

These are some malicious codes and scripts that are injected into your site webpages or resources file such as (.js, .css, .php) by hackers to redirect and manipulate the users through their commands. Using Nulled Plugins and Themes are the main reason for malware scripts injections.

Easy ways to prevent malware from websites?

Here are some basic rules to prevent malware viruses from your wordpress sites.

1. Always use licensed and original plugins and themes
2. Regular update your plugin and themes
3. Avoid spam links to your site
4. Daily virus checkup using Virustotal or Sucuri
5. Avoid unknown and random permissions

5 Ways to remove malware from WordPress

I got almost 50-60 results while researching for removing malware from my site, But these are the best and easy ways to remove malware from WordPress.

Use Sucuri.net

I have tried all the malware scanners on the web. But according to me, sucuri gives the best-detailed data about the virus with an in-depth scan absolutely free. If your site is suffering from a malware virus and you don’t know about it. Then a random sucuri scan will give you more than enough information about it.

Remove the Infected Files

It is really difficult to find the infected file in your WordPress directory, But here are some files that are often used by hackers in your WP-Includes file to infect your site.

  • wp-feed.php
  • wp-vcd.php
  • wp-tmp.php

After clearing the infected files from WP-includes hover on to WP-content>theme>Your_theme. Check these following files with unknown codes that don’t match the indentation of your site.

  • footer.php
  • header.php
  • functions.php

Look for a spammy code like image 1.0 in these following files and remove it.

Image 1.0

Good Security Plugin

Good security plugins always help a lot in identifying the exact problem. Personally, I am using Wordfence and Sucuri Security plugins for my sites for identifying and removing the virus from my site.

Here are some of the best security plugins you can use for free on WordPress.

  • Jetpack Security’
  • WP-Scan
  • Sucuri Security
  • Wordfence
  • BulletProof Security

PRO TIP: Make sure you run a regular site scan once a week to ensure the proper working of the site. Use Wordfence to run a standard scan (Personally recommended)

Disable Directory Listing

One of the major issues that help the hackers to get more information about your site, many servers allow you to browse a website directory and leads to information leakage. Here is a small fix that helps to disable the directory listing to protect your sites from information leaks.

Browse to your FileManager>public_html>.htaccess

Options -Indexes

Add this code at the last of your .htaccess file to disable directory listing

Warning: Take a backup of your .htaccess in order to avoid accidents

Reinstalling Site

This is one of the most effort and time taking processes. But, It always ends with good results. If after trying all the methods and hacks you are not getting your issues resolved then the only way for cleaning your site is by re-installing WordPress.

Don’t take reinstallation as work take it as a punishment for no-regular checks and maintenance.

Here is the step-by-step detailed video and article for restoring your WordPress site.

Last Words

If you are facing problem-related with malware on your site let me know on your contacts page. I’ll try to reach out and help within 24hrs. Till then you can try these 5 methods to remove malware viruses and prevent them to damage your site.

Also Read.