Malware. The very mention of that word is enough to strike fear into the hearts of programmers, web developers, and bloggers. Okay, maybe that’s a tad dramatic, but a WordPress malware infection is no laughing matter. It can paralyze your website, or even your whole website network, in the blink of an eye.
That’s not even the biggest problem. It’s cleaning up the WordPress malware infection that’s the tedious part. Of course, you have to do it or someone has to, but if you’re just a lone blogger and do not have your own tech or anyone who can clean up malware without instructions, then this guide can ease your suffering in the next few hours.
We’ve prepared some of the most basic yet necessary steps you need to take when your website gets attacked. This can ensure that you erase any trace of WordPress malware infection.
1. Check your computer first
There might be a chance that the malware infection you’re dealing with right now is also an internal problem. Although the chance that malware for a WordPress website works the same way on a computer, or vice versa, is slim, it won’t hurt to double-check. Besides, your problem might keep recurring if it turns out the infection came from your computer.
So, get an antivirus and let it do its job. However, sometimes even the best antiviruses tend to miss malware. So, in this case, you’d want stronger security software, perhaps something like Malwarebytes, to clean everything up. If you want more thorough instructions, this Reddit thread can help you clean your whole computer and it doesn’t take too long to do it.
2. Back up your site
Now that you’ve ruled out the possibility of your computer being infected, or at least crossed it off as a factor, it’s time to work on your website. You’re going to need to back up your website files and database; you can easily do this using this website. It helps if your website’s host has a snapshot feature, which makes backups more thorough.
Now, if you find that you can’t log in because of a dirty hack from the said WordPress malware infection, your web host’s File Manager can get you a zip file of your wp-content folder. You can then download this zip file. However, it’s really easier to just log in and do the backup. You can try following these steps; hopefully, you can recover your login access afterward.
3. Download and check the backup
Once you have the backup of your website’s important bits, then it’s time to check the extent of the infection. First, download a fresh WordPress installation from the website. Then, place the backup on your computer (don’t worry, you most likely have antivirus, right?) and then compare the WordPress core files of the downloaded backup to the actual WordPress core files of a fresh download from WordPress.
These two should have the same contents since they’re core files. If they don’t, purge anything that’s amiss. You’ll also want to look closely at the wp-content folder in your downloaded backup. That folder should have three folders inside named themes, uploads, and plugins. If that’s the case, then the backup was a success. Last but not least, your backup should also have an SQL file that is an export of your database and the wp-config.php file (this one’s of utmost importance).
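The core-file comparison in this step can be done by hashing both trees instead of opening files one by one. The script below is an added example, not part of the original guide; the function names and the demo file names are hypothetical, and it assumes the fresh download is the same WordPress version as the backup, since core files differ between versions.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Not core: user content and the site-specific config, which step 3 checks separately.
SKIP_TOP_LEVEL = {"wp-content", "wp-config.php"}

def _hash_tree(root):
    """Map relative path -> SHA-256 for every file under root (hidden files included)."""
    hashes = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = Path(dirpath, name)
            rel = path.relative_to(root)
            if rel.parts[0] in SKIP_TOP_LEVEL:
                continue
            hashes[rel.as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return hashes

def compare_core(backup_root, fresh_root):
    """Report core files in the backup that differ from, or do not exist in, the fresh copy."""
    backup, fresh = _hash_tree(backup_root), _hash_tree(fresh_root)
    return {
        "modified": sorted(p for p in backup if p in fresh and backup[p] != fresh[p]),
        "unexpected": sorted(p for p in backup if p not in fresh),
        "missing": sorted(p for p in fresh if p not in backup),
    }

def demo():
    """Compare two small constructed trees (sample data, not real WordPress files)."""
    with tempfile.TemporaryDirectory() as tmp:
        fresh, backup = Path(tmp, "fresh"), Path(tmp, "backup")
        files = {"index.php": "<?php // core", "wp-includes/version.php": "<?php // v"}
        for root in (fresh, backup):
            for rel, body in files.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_text(body)
        (backup / "index.php").write_text("<?php // core, altered")        # changed core file
        (backup / "wp-includes/.cache.php").write_text("<?php // extra")   # hidden extra file
        (backup / "wp-config.php").write_text("<?php // site config")      # skipped
        (backup / "wp-content/themes").mkdir(parents=True)
        (backup / "wp-content/themes/style.css").write_text("/* theme */")  # skipped
        return compare_core(backup, fresh)

if __name__ == "__main__":
    print(demo())
```

Anything listed under "modified" or "unexpected" is what this step tells you to purge; point `compare_core` at your extracted backup and the unzipped fresh download to run it on real data.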
4. Purge the directory folder
Your backup is intact and ready to be used again once your website is clean. So, it’s time to clean your website. Get in, locate the public_html folder (or the directory where you installed your WordPress website) in your site and then open it. Select everything in the cgi-bin folder or other server-related folders that are clean (you’ll know them when you see them), then delete them all.
You can do this with ease using your web host’s file manager. Make sure to also include the hidden files (or reveal them prior). If you also have multiple websites and you suspect they’re also infected, you’ll have to do steps 2, 3, and 4 for them as well.
5. Reinstall WordPress
Your malware infection is most likely deleted now that you’ve purged the necessary folders. Hence, it’s time to repair your website. Go to your web host’s control panel and reinstall WordPress in the same directory you’ve cleaned in step 4 (public_html directory).
After the installation is finished, go back to the backup you downloaded and copy and paste back the contents of the wp-config.php file to the wp-config.php file in your fresh WordPress install. This will reconnect your new installation to your old database.
6. Change Passwords
Once your barebones website is up and ready, it’s time to change passwords. Make sure to reset all the users and passwords for your website. Here’s the hard part: if you see any unrecognized or suspicious users, your database might be compromised. You’ll need the help of a WordPress developer so they can fix it and undo any damage done to your database.
Hopefully, that’s not the case. You’ll also want to reset all FTP and hosting account passwords. Afterward, you can then proceed to Settings, then Permalinks, and click on Save Changes.
7. Reinstall add-ons
Once your website is now fully secure again, it’s time to bring back the themes and plugins. Don’t use your old ones in the backup. Just download them again from the WordPress plugin page. Make sure to avoid old and outdated plugins that are no longer maintained.
It’s important not to use the old plugins and themes you have in your backup as those might have been touched in the WordPress malware infection.
8. Surgically upload your images back
We now come to the harder part of your website re-beautification: images. Each image is filed in a folder sorted by date. Unfortunately, there’s no easier or faster way to do this; you have to check each and every year/month folder to see if it contains anything other than images. Again, always reveal the hidden files.
If a folder is clean and only contains image format files (.JPG, .PNG, .GIF, etc.) then it should be safe to copy them to your now clean website. If not, then you might have to clean them with your PC tools or delete them altogether if they’re lost.
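The folder-by-folder check of the uploads directory can be scripted on your computer before anything is copied back. The script below is an added example, not part of the original guide; the function names and sample files are hypothetical. It goes one step beyond the text by also checking that a file with an image extension really starts with that format's signature bytes, so a script renamed to .jpg is still caught.

```python
import os
import tempfile
from pathlib import Path

# Signature bytes that genuine files of each type start with.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def audit_uploads(uploads_root):
    """Return (clean_folders, findings); findings maps relative file path -> reason."""
    uploads_root = Path(uploads_root)
    clean, findings = [], {}
    for dirpath, _dirs, names in os.walk(uploads_root):  # os.walk includes hidden files
        folder_ok = True
        for name in names:
            path = Path(dirpath, name)
            magics = MAGIC.get(path.suffix.lower())
            with open(path, "rb") as fh:
                head = fh.read(8)
            if name.startswith("."):
                reason = "hidden file"
            elif magics is None:
                reason = "not an image extension"
            elif not head.startswith(magics):
                reason = "image extension, non-image content"
            else:
                continue
            findings[path.relative_to(uploads_root).as_posix()] = reason
            folder_ok = False
        if names and folder_ok:
            clean.append(Path(dirpath).relative_to(uploads_root).as_posix())
    return sorted(clean), findings

def demo():
    """Audit a small constructed uploads tree (sample data only)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp, "uploads")
        samples = {
            "2023/01/logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
            "2023/02/photo.jpg": b"<?php /* constructed */ ?>",
            "2023/02/notes.php": b"<?php /* constructed */ ?>",
            "2023/02/.thumbs": b"constructed",
        }
        for rel, body in samples.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(body)
        return audit_uploads(root)

if __name__ == "__main__":
    print(demo())
```

Folders in the clean list contain only files that pass both checks; everything in the findings map needs a manual look before it goes back on the site.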
9. Run your security plugins
By now, your website should be up and running with all its plugins and defenses shored up. Whether you’ve replaced your security plugin or stuck with the old one, give it a run and scan your whole website. That said, you might want to ditch the one that let the malware in, in the first place.
In case the WordPress malware infection happens again, at least you’ll have the knowledge to deal with it professionally.