WordPress Malware Removal Cleanup

Not many people have time, or want to Install wordpress offline (local setup) and download a bunch of malware plugins and scanners to play around, have fun and see which plugins are best.

Von’s already done that, here are some malware removal tips at a glance:

  • Delete old themes and plugins
  • Replace two of the three major WordPress folders
  • Backup website often so you can easily restore PRE hack
  • Review users on wordpress website, double-check and delete any extra admin users
  • *upgrade latest version of plugins and wordpress core (non beta)
    • updates can break perfectly working websites, be careful…
  • Download entire wordpress website to your PC, perform local virus / malware scan and re-upload
  • Drag & drop old (potentially infected folder) into a subfolder outside of public_html
  • FTP into website and make sure you don’t have folder OR file permission set to 755

Replace 2 of 3 major WordPress folders

Before you overwrite the `wp-config.php` file you should back that up because that’s the file that connects your database to the website… just add .BAK to the end of it for example.

Kick-start malware removal by replacing core folders that do no save anything “custom” like the wp-content folder.

External Malware Scanners can work and tell you stuff, but they do not remove anything…be careful not spend money on bad results.

Random Tip

Von favors BBQ Firewall because it is a more straight forward no frills plugin. Yes, there are many other good firewall plugins but many have extra features, which, in reality one wouldn’t really need if proper WordPress hardening is applied.