Have you been alerted by wordpress malware scanner that your website has been infected? If so, we got you covered follow our steps to get rid of that nasty WordPress malware.

Our wordpress malware removal guide will tell you what to do and in what order. Your website security starts from your machine so we need to dig deeper in order to fully protect your website from malware.

We will guide you from securing and  your computer all the way to removing malware from your website and securing it.

There are many plugins and wordpress malware removal services out there that can promise you to eliminate it, but it if you follow this guide you can do it all by yourself.

1. Reset your computer 

(Laptop, PC or Mac) and backup all important files. Do this step for all computer(s) where you are accessing your website from.

A. For latest Windows, simply click on Start. Follow the following path Settings > Update & Security > Recovery > Get Started.

• If you’d like to manually choose the files to save, you can copy them to penstick/flash drive, external drive or separate HDD drive partition.

C. Alternatively, if you’re using latest Windows, simply go to settings and click on Backup. Follow the steps provided.

D. After creating backup, your computer is ready for reset/reinstallation. Simply press Get Started and follow the steps provided. Other Windows versions may have slightly different methods.

E. After your computer has been successfully reset, make sure to install an antivirus software. I recommend bitdefender 90 day trial Total Security before you start browsing the web https://www.bitdefender.com/media/html/consumer/new/get-your-90-day-trial-opt

F. Install Firefox addon NoScript to block any harmful scripts being executed without your knowledge when you are browsing web or when you are performing you website cleanup. You can also install other addons such as ad blockers. Double check recommended addons for your prefered browser(s).

2. Separate clean files from hacked

Create two folders on your desktop. Name the first folder HACKED WEBSITE and the 2nd folder CLEAN WEBSITE. It’s best to open both side by side.

3. Backup creation

Start by concentrating on the first folder named HACKED WEBSITE

A. Create backups of your website files; all your WordPress files and database.

• Download your WordPress files from your cPanel, then zip the files and name it hacked-website.zip. Save it in Hacked Website folder.
• Log into your phpMyAdmin to download your database. Click Export and GO. Name it: hacked-db.sql and save it in Hacked Website folder as well.

• Log into your phpMyAdmin to download your database. Click Export and GO. Name it: hacked-db.sql and save it in Hacked Website folder as well.

B. Check your newly created backups if they are compromised. Scan your Zip and SQL file with Bitdefender, it should pick up any hacked files and clean them.

C. Extract hacked-website.zip file into your HACKED WEBSITE folder.

D. Once zip file is extracted, find out what plugins your website is using. Go to plugins directory which is located in the wp-content folder.
E. List down all the plugins in a notepad. A quick way to do this instead of listing all the plugins manually is to follow the following:
• For Windows 7 and 8, hold down the shift key and then right-click on the plugins folder and select the option “Open Command Window here”. If you have Windows 10, choose “Open Windows PowerShell window here”.
• Once the Command/PowerShell window is open, type “dir /b > plugins.txt” (without quotes).

E. If your website is still accessible, you can do a backup from UpdraftPlus Backups (plugin).
• Alternatively, if you can’t get access to your files ask for a backup from your hosting company. If it’s Siteground, contact customer support and ask for the latest backup.
• You can also download backup from VestaCp. All your files will be there including database.

F. Start downloading each plugin you have on the list you just made. Use Google to search for the plugins; you can download the plugins either from the official WordPress plugin repository or from the official website of a third party developer where the plugin has been bought. Make sure you download the latest versions. Outdated plugins is one of the most common causes of hacks.

Note: If your plugin is custom made and is very outdated and there’s no way you can update it, it is better to look for alternatives or simply try to run the website without it. 

4. Download fresh wordpress installation

Next, leave the downloaded plugins for a bit and focus on the second folder named CLEAN WEBSITE you made earlier. As the folder name implies, CLEAN WEBSITE folder will contain the new, clean files for your website.

A. WORDPRESS – Download a fresh WordPress installation from wordpress.org. Once downloaded, extract the file to the CLEAN WEBSITE folder.

B. PLUGINS – Extract the downloaded plugin zip files to plugins directory which is located in wp-content > plugins

C. THEME – If your website is using a theme, download clean theme files for your website. Like the plugins, look for your theme in the WordPress theme repository or from the official website of where you have bought your theme. Our example is the well built theme Avada which is located in Themeforest under “downloads”.

Extract your theme in wp-content > themes folder. Delete the zip file of your theme from themes folder.

5. Moving backup files

Move uploads folder from your HACKED WEBSITE to the CLEAN WEBSITE.

A. Search the whole uploads folder for any unusual .php file which could have been added by the hacker. Simply type “.php” (without quotes) in the folder search box.

B. Delete any .php files found or any other unusual files.

6. WordPress malware removal from database.

Take note of the following terms which will be needed for the next steps.
• “base64_decode( ”
• “gzinflate(”
• “eval(”
• “error_reporting(0)”
• “shell_exec(”

A. Open PhpMyAdmin and do a direct search of all the terms provided above.

The search should return some hacked code entries if there is any. It might be just a Wordfence log of 404 URLs but to be safe, you should still delete it.

Note: Be careful not to delete important entries from WordPress, theme or plugins of your website.

B. You can also open the database file hacked-db.sql in a notepad. If it freezes/hangs your computer since database is too large, download the free Atom Text Editor here atom.io.

After all terms have been searched, save the file as clean-db.sql regardless of whether any terms have been found or not. Save it in folder CLEAN WEBSITE

7. Create a new wordpress database.

Open a notepad and name it as Database Details and save it on your Desktop. Save all the details you will be creating from the steps below. You will need this to connect to your new WordPress website. By the end of step 13, you should have a notepad with all the details similar to the image shown.

NOTE: “website” refers to your website name which is given by default.

A. Go to cPanel > Databases and select MySQL & Databases.

B. Create new database. Name it clean, making it website_clean and save this to the notepad. Click Create Database.

C. After successfully creating a new database, click Go Back and scroll down to MySQL Users. Create a new MySQL user. Type username “clean” making it website_clean. Save this to the notepad.

D. Create password by clicking on Password Generator. This will open the password generator, click on generate password. Copy the generated password and save it to the notepad. Tick “I have copied this password in a safe place” and click Use Password.
E. Your password will be automatically entered to the respective sections. Click Create User.

F. After successfully creating new MySQL user, go back and scroll to Add User To Database section. Select the user website_clean and database website_clean. Click Add.

G. Finally, on the Manage User Privileges page, tick ALL PRIVILEGES. This will automatically tick all options. Click Make Changes.

8. Importing wordpress database

Import your clean-db.sql file into the new empty database you just created.

A. Go back to cPanel home and scroll down to databases and click phpMyAdmin.

B. Select your new empty database “website_clean” and click Import.

C. Once file explorer window is open, click “clean-db.sql”, click Open then click Go.

If you are getting an error that your file is too large, convert your sql file into .gzip file which will compress your file from 100MB down to about 10MB. Alternatively, you can also try archiving it with Winzip or Winrar into .zip file.

If successful, you should get a confirmation screen as below.

9. Create strong passwords

Change all login details. It is important to change your admin username and password to avoid hackers logging into your website again.

A.  Click the database clean_website then click wp_users next.

B. Once the table is opened this will display the login details in your website. Click edit on your admin login details. If you have multiple admin login details, you have to change all usernames and passwords so simply repeat the following steps ahead.

C. There are various sections in this table but don’t be confused. Just follow the red boxes from the image; right to left and down.
• Change the user_login first. Type new username of your choice which ideally sounds nothing like your previous ones.
• Proceed to user_pass. Choose MD5 under function dropdown then you can type your new password or generate one online.
• Next, user_nicename and display_name can be changed as well or simply copy your username and change the old ones.
• Before pressing Go, open the Database details notepad you created earlier and copy your new username and password and save.

10. Bring your website to life

Upload website files from the CLEAN WEBSITE folder.

A. First, compress the website files. Select all files in the folder by typing CTRL+A or using your mouse. Then click Add to Archive.

Choose ZIP and click OK. Once done, a new CLEAN WEBSITE.zip file will appear in your folder.

B. Go to cPanel and click File Manager.

C. Click on (/home/website) then click public_html. Make sure public_html is empty then proceed to click upload.

C. Click on (/home/website) then click public_html. Make sure public_html is empty then proceed to click upload. Select CLEAN WEBSITE.zip.

C. Extract your new clean website files. Click on CLEAN WEBSITE.zip, click Extract. A new window opens and proceed to click Extract File(s).

11. Connect your wordpress database

Lastly, connect your database and wordpress website.

A. Locate wp-config-sample.php and rename it to wp-config.php.

B. Edit wp-config.php. Click wp-config.php then click Edit. An additional window opens, proceed to click Edit.

C. Replace database_name_here, username_here, password_here with the newly created names and password. Take the details from the Website Details notepad you created earlier. Your website should be live now.

If you still need help with your wordpress, we offer wordpress malware removal service at a very competative price. Every case is unique and can require different approach and might take longer. To give you rough idea how much wordpress malware removal costs check https://sucuri.net/ we will offer you a lot cheaper compared to them.