How To Remove Malware From WordPress In 7 Steps

on October 19, 2016

How To Remove Malware From WordPress In 7 Steps
Malware is any software used to disrupt a computer operations, gather sensitive information, gain access to private computer system. Malicious software also referred as computer viruses.

Malware hop from one system to other. The fore most thing for a website owner is protecting the user. Hence it is very important to remove malware. This post gives you step by step guide to remove malware in your WordPress.

Table of Content

1. Scan Computer


Scanning the whole computer the first thing to do. Malware infect your WordPress in various ways, it creates an access to FTP password. So that the malware can access the sensitive data easily. Malware Bytes is highly recommended for scanning, you can also combine this with other powerful anti-viruses such as kaspersky & AVG. The computer will scan and once it is done, it will notify you of the infected files and the malware to be removed.


Easy One Click Solution: Give your WordPress website an iron clad protection improve both onsite and serverside security. Buy Website Realted Security Service

Online Scanner

Website malware scanner is a an cloud based application that scans website and generate security report. This online malware remover investigate the URL and checks for the suspicious Scripts, malware media and other web security threads hidden inside the websites and remove malware.

Live Scanner

There are lots of effective online malware removing solutions. “Sucuri SiteCheck” scanner will checks all the website from the common issues for free of charge. Of course, there aren’t many free live scanner out there on the market that are truly willing to give you a report without asking to register or payment of some kind.

Sucuri SiteCheck

will scan your website for an malware, defacement, and spam injections.

2. Change FTP Password

Now you should change the FTP password. Malware can create access to FTP password so that the sensitive data can be accessed and misused. After scanning your computer make sure that you need to change the FTP password. Try to keep the password random with at least 1 special character like !#<&, a mix of lower and upper case plus numbers will make the password more strong

Example Password: don’t_over&ruleme001

3. WordPress Download

You should to download latest WordPress package from the WordPress official site.

4. Extraction Of File

Once you have downloaded WordPress Successfully, the very next thing you need to do is file extraction, it will be extract from the zip or tar.gz that you have just downloaded onto your computer, leave those files there for now, let’s come back here in awhile.

5. Remove Malware

removing malware

Initial step to remove malware is log in to the FTP, your WordPress installation files on your web host should look like this

  • wp-content
  • wp-includes
  • index.php
  • readme.html
  • wp-config.php
  • wp-mail.php
  • wp-login.php
  • xmlrpc.php
  • wp-mail.php
  • wp-cron.php
  • wp-signup.php
  • wp-trackback.php

First make a copy before deleting all the WordPress file, delete everything in the site folder except the wp-content & the wp-config.php

Now your installation should like

  • wp-content
  • wp-config,php

If there is malware in the file, it will generally look like a long string of random text, you can compare it to the wp-config-sample.php file to be sure.

wp-content folder looks like

  • plugins
  • themes
  • uploads
  • index.php

The listed plugins are meant to be installed once the cleaning process has been completed. The next thing you will be need to do is go to themes and checks all the themes. If there is any theme that you are not using or you find any suspicious files delete them. Next go to the upload file and ensure no php file exist and that everything on this folder was uploaded by you.

“Peoples computer are not getting more secure, they were getting more infected with viruses, they are getting more under the control of malware.”

6. Re-uploading

This is the step in which you will make use of the files that you extracted from the freshly downloaded WordPress. The files are going to upload and this will be done through the FTP. If there are any other themes you deleted and if u would like to re-upload the same theme means can get from theme backup files.

7. Disable Plugins

Here got an another good tips, if you continue to struggle with identifying the location of the infection while using the scanner, it was the thing very common place to look in the plugin directory. What? most of them don’t realize that you have the option to disable the plugins directory, its not a fire or any current wire so don’t be afraid of “disable”, it simply means you can’t use the plugin. One easy and simple way to do is to be rename the directory.

Recommended Reading: How To Speed Up Your WordPress WebSite In 6 ways

Example: plugins->plugins.backup

This will kill the all plugin that are useless to your website. The point of doing this is to see if the infection is combine or tied to the plugins. If it is, you will see that the live scanners will show the clean you re-scan the website of yours. If this is the case the another very good trick is to narrow down the infection further by disabling one plugin at a time.


This post is a technical overview of how to remove the website malware, but instead of help the location of infections, which turn help you to locate and remove the infection. It’s fundamentally a different approach, believe it or not the most users would be able to use this techniques to quickly narrow down infections.

The first step to removing the malware is to log in to FTP. Make a copy first before you deleting all WordPress file, delete everything in the site folder except the wp-content & the wp-config.php

  • wp-content
  • wp-config.php

Like this how the installation will be there, WordPress is secure one it could possibly be, As a website owner you have the  responsibility to protect your website from common threats. Use strong pass-code, Checks permissions, clean up regularly, back up regularly, will checks the themes and plugins regularly.


WP Team Support

WPTS provides panoramic WordPress Support services, Maintenance, 24/7 security, Uptime monitoring, SEO optimisation, Speed optimisation, Site migration and Customisation services for those who want to put a ding in the universe.

WordPress SupportAnd Maintenance Services
  • Bill Parlaman

    “ Really great to work with. Listens to my issues and works hard until they get it done perfectly. ”

  • Alex Petrou

    “ Always a pleasure working with WPTS. Their work is fantastic and timely. Maintain our website regularly. ”

  • Thomas Carlson

    “ WP Team Support was very responsive and Increased my website efficiency by 53%. ”

Get Started Now

Support teams across the world


Safe & Secure online payment