How do I remove malware from my website?

23 views

How do I remove malware from my website?

Overview

If your website is infected with malware, it may show spam content, redirect visitors, or behave unexpectedly. This guide explains how to identify, remove, and secure your site after an infection using your hosting control panel.

Step-by-Step Guide

1. Identify signs of malware

Common symptoms include:

  • Unexpected redirects to other websites
  • Spam pages appearing in search results
  • Unknown files in your hosting account
  • Sudden performance issues
  • Browser security warnings

2. Enable maintenance mode

Before cleaning:

  • Log in to your hosting control panel
  • Go to File Manager
  • Open public_html
  • Temporarily rename index.php or upload a maintenance page

3. Scan your website files

Check the following directories:

  • public_html
  • wp-content/uploads
  • wp-content/plugins
  • wp-includes

Look for:

  • Recently modified files you don’t recognize
  • Randomly named .php files
  • Obfuscated code (base64, eval, long encoded strings)

4. Remove infected files

  • Delete suspicious or unknown files

  • Remove any plugins or themes you did not install

  • Replace WordPress core files:

    • wp-admin
    • wp-includes

Use fresh downloads from official WordPress files.

5. Clean the database

Access phpMyAdmin and check:

  • wp_posts
  • wp_options

Remove:

  • Spam links
  • Injected scripts
  • Suspicious redirects or iframe embeds

6. Reset all access credentials

Immediately change:

  • WordPress admin passwords
  • Hosting account login
  • FTP accounts
  • Database user passwords

Also remove unknown WordPress users.

7. Check for backdoors

Malware often hides to reinfect your site. Check for:

  • Hidden .php files in /uploads
  • Files with names like class-wp.php, cache.php, system.php
  • Recently modified files in unexpected locations

8. Secure your website

After cleaning:

  • Install a security plugin (e.g. Wordfence)

  • Disable file editing in WordPress:

     

    define('DISALLOW_FILE_EDIT', true);

     

  • Ensure correct permissions:

    • Files: 644
    • Folders: 755

9. Restore from backup (if needed)

If cleanup is too complex:

  • Restore a known clean backup
  • Then immediately update everything and scan again

Important Notes

  • Malware often returns if a backdoor is not removed
  • Outdated plugins are the most common infection source
  • Always verify backups before restoring them
  • Full cleanup includes files + database + passwords

Common Issues & Fixes

Malware comes back after removal

Likely causes:

  • Hidden backdoor file not removed
  • Infected plugin or theme still active
  • Passwords not fully reset

Website still shows spam in Google

  • Wait for Google to recrawl the site after cleanup
  • Use Search Console to request reindexing
  • Ensure no malware remains in public pages

Cannot locate infected files

Try:

  • Sorting files by “last modified” in File Manager
  • Checking /uploads carefully
  • Reviewing recently installed plugins/themes

Need Help?

If malware persists after cleanup, your hosting support team can perform deeper scanning, identify hidden backdoors, and assist with full site recovery.

Go back Similar articles
Top