Not many people have time, or want to Install wordpress offline (local setup) and download a bunch of malware plugins and scanners to play around, or have fun and see which plugins are best.
Malware removal tips at a glance
- Delete old themes and plugins
- Replace two of the three major WordPress folders
- Backup website often so you can easily restore PRE hack
- Review users on wordpress website, double-check and delete any extra admin users
- *upgrade latest version of plugins and wordpress core (non beta)
- updates can break perfectly working websites, be careful…
- Download entire wordpress website to your PC, perform local virus / malware scan and re-upload
- Drag & drop old (potentially infected folder) into a subfolder outside of
public_html - FTP into website and make sure you don’t have folder OR file permission set to 755
- Submit website to google for malware detection
- Perform integrity check using WP Cerber Addon
- Download fresh wordpress.org download and replace existing install than swap credentials in wp-config.php file and finally change password to database and WP Admin