It’s unusual that you have a website but you didn’t get malware codes injected inside your website core files. So, it happens. Especially when your websites getting ranks in search engines, the possibility of such an attack is huge. Therefore, it is very important that you know how to remove malware from website WordPress.
- Never try to use null themes or plugins that are premium in nature and many websites providing it with less amount FREE.
- Always stay with trusted themes and plugins: While we are investing lots of amount for purchasing domain, hosting, writing content or developing website design.Therefore always try to use premium or free plugins that are recommend by WordPress and read how many people installed this already. As more people using this plugin as more you are in save place.
- Free is not always good : we always ask for lots of functionalities for our website like Mega menu, online product purchasing, etc. But most of these functionalities for a website are premium but we are not ready to spend for this. We will just ask our developer to do it with free plugins or themes. Now what happens, this developer either use pre-activated themes or themes from any other resources like using other client’s purchased theme that is quite old now or in rare cases goes to manage nulled themes. As a consequence, you are not getting any update for these themes and plugins in the long run.
- Always keep backup of your website. you can visit this link to know how to take backup of your WordPress site manually. I mentioned here manually because always try to work without the help of plugins. It will keep your website light and speedy.
- Use wordfence security plugin: Wordfence is a popular security plugin that large number of bloggers use for their website’s security. It is such a good plugin that let you know who have tried to login. It will also protect you from injecting malware codes by hackers.
How will you get notified your website is malware affected?
Most of the times your website hosting provider will keep your website suspended. If you login to your hosting account, you will get notification that which files have malwares affected. They will just provide you a log file.
Now let’s see how to remove malware from website Free:
You have see every file locations indicated inside the log file and go there. You have to go to the public_html folder of your cPanel first. As per the hosting provider’s instruction, I had malware codes in index.php file and also had some malware files at this location public_html >> New folder. So I have gone there directly but you can also search the file by name. To this Press Ctrl+f and your write down the folder name here. Then your required file name will be highlighted with immediate affect. Let’s go inside that folder.
After enter to that folder, I have found the index.php file and opened with editor. At the top of the page you will notice that there are some meaning less codes which are not actual codes anyway of this WordPress core file. So I have selected the codes and Press delete button. So, malwares for this particular file has been removed successfully and my file is fully cleaned now. see the bellow picture.
I had also some malware files created just like the below picture, if you see closely you will notify that this are not core WordPress files anyway. so this files also subject of deletion.
In this way as per recommendations of your hosting company, please clean WordPress malware files from your website. And after cleaning all this files, contact to your host and ask to review your files that you cleaned. Your hosting company may take time to review and let you know if still something left or not.
If all done in the right way, your hosting company will make your website again.
Finally, to remove malware from website WordPress site, please take backup of your WordPress files. Cause if you delete something essential for WordPress, you can reinstate your site by using this backup process.