As an owner of any business, if you are running a WordPress site for scaling up your overall revenue, then you are on the right track! WordPress and its crucial features make it easier for you to entertain, inform and educate your audience.
Though there are many crucial benefits of WordPress, there are a few security vulnerabilities like WordPress malware that make the entire process of website development critical. Therefore, it is crucial to know and understand what malware is and how to remove it from your WordPress website.
If you are well aware of the procedure of removing malware from your WordPress website, half of the battle is won! Well, WordPress malware is nothing but malicious software, a generic term for some harmful files and programs that compromise a system. It can easily destroy servers, websites, and networks. Most of the time it damages the entire computer and connected devices like pen drive or SD card.
Let’s dig into some important steps of removing malware from your WordPress website.
Step 1: Backup the site files and database
Back up the entire site if you have access to the web host’s site snapshot feature. This is the most comprehensive backup of your entire server. However, it may be quite large, so be prepared for a lengthy download. If you can log in normally, use a WordPress backup plugin. If you can’t log in, the hackers may have compromised the database, in which case you should contact WordPress developers which are mentioned earlier.
Using these steps, create a separate, additional backup of the database. If you log in, it is advisable to use Tools > Export to export an XML file of all your content.
Some of the sites may be quite large. The upload file could be larger than 1GB. Because it contains all of your uploads, the wp-content folder is the most important folder on your server.
If you can’t run a backup plugin and your web host doesn’t have a “snapshots” feature, you can use the File Manager of your web host to create a zip archive of your wp-content folder and then download that zip file. If you have multiple WordPress installations on the server, you should back them up individually.
Step 2: Examine and download the backup files
Once the site has been backed up, save it to your computer and double-click the zip file to open it. You should look at:
WordPress Core files in their entirety. You can download WordPress from WordPress.org and compare the files in the download to your own. You won’t need these files, but you might need them later on in your investigation into the hack.
The wp-config.php file- This is significant because it contains the name, username, and password for your WordPress database, which we will use during the restoration process.
.htaccess file – This will be undetectable. The only way to find out if you backed this up is to open your backup folder in an FTP program such as FileZilla or a code editing application like Brackets that allows you to view invisible files within the application’s interface.
The wp-content folder- There should be at least three folders in the wp-content folder: themes, uploads, and plugins. Look through these folders. Are your theme, plugins, and uploaded images visible? If so, it’s a good sign that you have a good backup of your website. Typically, this is the only mission-critical folder required to restore your site.
The database – You should have a SQL file that is a database export. We will not delete the database during this process, but it is always a good idea to have a backup.
Step 3: Delete All the Files if there are any in the public_html folder
After you’ve confirmed that you have a good and complete backup of your site, use the web host’s File Manager to delete all the files in your public HTML folder (except the cgi-bin folder and any server-related folders that are free of hacked files). It is recommended to use File Manager because it is much faster than using FTP to delete files. If you are familiar with SSH, this will also be quick. Make sure to view invisible files before deleting any compromise. htaccess files.
If you host other websites on the same account, you can assume they have all been compromised as well. Cross-infection is fairly common. You must clean ALL of the sites, so back them up, download the backups, and follow the steps below for each one. However, trying to scan for and locate all hacked files on a server is extremely time-consuming work. Simply ensure that all of your backups are complete. And don’t just clean one website and then go back and clean the other because the time it takes to clean one can re-infect the one you just cleaned.
Step 4: Reinstall the WordPress website to run it better
Hire a WordPress development company and reinstall WordPress in the public HTML directory if this was the original location of the WordPress install, or in the subdirectory if WordPress was installed in an add-on domain, using the one-click installer in your web hosting control panel.
Referencing the backup of your site, edit the wp-config.php file on the new install of WordPress to use the database credentials from your former site. The new WordPress installation will now be linked to the old database. It is not recommended to re-upload your old wp-config.php file as the new one will have new login encryption salts and will be free from any hacked code.
Step 5: Reset Permalinks and passwords
Log in to your site and change all of the user names and passwords. If you see any users you don’t recognize, your database has been compromised, and you should contact a professional to ensure that no unwanted code remains in your database. If you want to delete your old database and start over, you can read my Nuke it From Orbit blog post. It takes a little more effort, but it ensures a clean site.
Final Thought
As cybercrime and malware evolve, being proactive about website security is your best defense. Whether you use manual methods or an automatic website scanner to check for WordPress malware, learning the various ways to look for malware will help your website become more secure.
Author Bio:-
Blessed with deep-level expertise in web & mobile technologies, Pragna is a pioneer in her field and has a great passion for writing. She is well-versed with result-oriented technologies & solutions like software development, app development, WordPress development services, and more along with specific hands-on experience in healthcare, retail, automotive, and other sectors. Covering a wide spectrum of 4+ years of experience in the tech industry, Pragna is working productively for OrangeMantra, a digital transformation company.
