How do I remove malware from my website?

How do I remove malware from my website?

Overview

If your website is infected with malware, it may show spam content, redirect visitors, or behave unexpectedly. This guide explains how to identify, remove, and secure your site after an infection using your hosting control panel.

Step-by-Step Guide

1. Identify signs of malware

Common symptoms include:

• Unexpected redirects to other websites
• Spam pages appearing in search results
• Unknown files in your hosting account
• Sudden performance issues
• Browser security warnings

2. Enable maintenance mode

Before cleaning:

• Log in to your hosting control panel
• Go to File Manager
• Open `public_html`
• Temporarily rename `index.php` or upload a maintenance page

3. Scan your website files

Check the following directories:

• `public_html`
• `wp-content/uploads`
• `wp-content/plugins`
• `wp-includes`

Look for:

• Recently modified files you don’t recognize
• Randomly named `.php` files
• Obfuscated code (`base64`, `eval`, long encoded strings)

4. Remove infected files

• Delete suspicious or unknown files

• Remove any plugins or themes you did not install

• Replace WordPress core files:

  • `wp-admin`
  • `wp-includes`

Use fresh downloads from official WordPress files.

5. Clean the database

Access phpMyAdmin and check:

• `wp_posts`
• `wp_options`

Remove:

• Spam links
• Injected scripts
• Suspicious redirects or iframe embeds

6. Reset all access credentials

Immediately change:

• WordPress admin passwords
• Hosting account login
• FTP accounts
• Database user passwords

Also remove unknown WordPress users.

7. Check for backdoors

Malware often hides to reinfect your site. Check for:

• Hidden `.php` files in `/uploads`
• Files with names like `class-wp.php`, `cache.php`, `system.php`
• Recently modified files in unexpected locations

8. Secure your website

After cleaning:

• Install a security plugin (e.g. Wordfence)

• Disable file editing in WordPress:

   

  `define('DISALLOW_FILE_EDIT', true);`

   

• Ensure correct permissions:

  • Files: `644`
  • Folders: `755`

9. Restore from backup (if needed)

If cleanup is too complex:

• Restore a known clean backup
• Then immediately update everything and scan again

Important Notes

• Malware often returns if a backdoor is not removed
• Outdated plugins are the most common infection source
• Always verify backups before restoring them
• Full cleanup includes files + database + passwords

Common Issues & Fixes

Malware comes back after removal

Likely causes:

• Hidden backdoor file not removed
• Infected plugin or theme still active
• Passwords not fully reset

Website still shows spam in Google

• Wait for Google to recrawl the site after cleanup
• Use Search Console to request reindexing
• Ensure no malware remains in public pages

Cannot locate infected files

Try:

• Sorting files by “last modified” in File Manager
• Checking `/uploads` carefully
• Reviewing recently installed plugins/themes

Need Help?

If malware persists after cleanup, your hosting support team can perform deeper scanning, identify hidden backdoors, and assist with full site recovery.

Related Guides

• https://websitehosts.uk/blog/why-is-my-website-down
• https://websitehosts.uk/blog/what-is-malware-scanning-for-websites
• https://websitehosts.uk/blog/what-to-do-if-your-website-gets-hacked
• https://websitehosts.uk/blog/how-to-change-wordpress-password
• https://websitehosts.uk/blog/how-to-secure-a-hosting-account
• https://websitehosts.uk/blog/how-to-keep-website-secure-hackers-phishing-attacks
• https://websitehosts.uk/blog/get-a-free-ssl-certificate
• https://websitehosts.uk/blog/how-to-install-ssl-directadmin

Related Hosting Services

• https://websitehosts.uk/shared-hosting-uk
• https://websitehosts.uk/business-web-hosting-uk
• https://websitehosts.uk/cloud-hosting