$10 off Wordpress Professional Hosting

The deal ends in

How to Remove Malware on WordPress Site

Introduction

Finally, a way to remove malware on WordPress site. It’s always a huge problem when a WordPress website gets hacked and loaded with a ton of malware. Not only can it affect your SEO, but the malware will also tear your website apart with what looks to be unlimited pop-ups. I’ve seen times where malware will cause computer viruses to be downloaded to the computer of any visitor that goes to your website. This could be a reason why Google will penalize your website when its crawlers detect malware.

Why does it happen?

WordPress much like many other platforms is prone to hacks but what makes WordPress more vulnerable is the fact that it’s extremely popular and plugins are not vetted for security or best practices. Your hosting can play a major factor as well. If your hosting provider is not keeping your hosting packages such as PHP up to date, your site will be vulnerable. For this reason, we always keep our hosting packages up to date at HosterFi.  Any time we build a new website, the first thing we add is security optimization. I can’t explain a lot of what we do since it’s proprietary information but I can say Wordfence is one of, if not the Major security plugin we add to our builds.

[alert type=”success”]If you do not have Wordfence and would like to know what files are infected, you can get a free site scan by Securi by clicking this link Securi.net.  [/alert]

The Symptoms

You would be surprised that many of the symptoms are not apparent. A lot of the times, you may not even know your site has malware until something breaks. Maybe a page doesn’t load properly or has a blank page. You may even start seeing weird PHP errors. If you’re running the WooCommerce plugin, you may get complaints from your customers about credit card fraud.  It all depends on the type of malware and the intentions of the creator which can range from advertising by blasting every page with 100 pop-ups or credit card fraud.

How Do I Remove Malware on WordPress Site?

Before one can fix a malware hack, one has to understand how it works. The fix will not work for everybody but it is definitely worth a try given the circumstances.

Complex Malware

The reason why it may not work for everybody is that some malware has a way of duplicating itself and returning. Essential, the malware developer will create one file. This file we can call the “Master File”. This master file is responsible for checking if the malware code snippet is still present in your file system. If you’ve ever wondered why malware keeps returning, this is why. The malware developer will cleverly attach this file to either a PHP script that runs on a cron job or a PHP script that is used on typical tasks. For instance, every time a user creates a new post, the PHP script to create a new post would trigger the execution of that “Master File”. Finding this master is very tricky, the majority of the time we have to download the full file system and trace back from the modified WordPress core scripts that have the malware included. This method is very time consuming and daunting so if this is the route you need to go, warm up a pot of coffee and get your favorite chair back massager because you will be there for a while.

There’s a little twist to complex malware. A lot of the times malware is designed to be untraceable. The best way to trace it back to the master file is to search through the file system and seek out the function that is in the malware code. Example: in the image below of a malware code snippet we can see that the “@include” function is used. We also see that whatever is creating this snippet, is commenting the code with “/*075c5*/”. These 2 pieces of text are what I would use to search within the file system for the suspect, the “Master File”.

Wordpress Malware Code Snippet

Once the master file has been found, you can proceed to remove the code snippets out of the file system without having to worry about them returning.

Simple Malware

We consider simple malware as one that does not have a master file as mentioned above. To fix simple malware it’s as easy as removing the snippet similar to the above image. To make things that much easier, This can be done in Wordfence. Wordfence will not only scan your system for modified WordPress core files but it allows you to scan for malware, allows you to restore the core files, and also delete malicious files.

Conclusion

With the increase of WordPress popularity, you can expect an increase in malicious developers creating malware. Keep the plugins in your website to a minimum, use security plugins like Wordfence, and stay on top of your hosting provider.   Keeping your hosting environment up to date is key to remove malware on WordPress site.

Related articles

Easiest website builders for 2022 – top 2

Are you looking for the easiest website builders recommended for beginners? Look no further we have done the market research to help you find the easiest website builders for your website. In America, we are almost halfway through 2022. It is absolutely

Read More »
how to do seo for your website step-by-step
Small Business
Hosterfi

How to do seo for your website step-by-step

Handling your own SEO is a dire job. Until now, here’s how to do SEO for your website step-by-step with the right tools and keyword research. It is, in fact, a job on its own but there are easy tools out there

Read More »
The steps of using MarketGoo DIY SEO Software
Small Business
Hosterfi

DIY SEO Software for Small Businesses

The problem Why do you need a DIY SEO software for your small business? As a small business owner, there are a lot of expenses that come along with running your business. Since COVID 19, some businesses are on the brink of

Read More »

Sign up for our newsletter

Get the latest in discounts, news, and blog updates

Logo representing a veteran owned business
Talk.to partner logo