Not many people have time, or want to Install wordpress offline (local setup) and download a bunch of malware plugins and scanners to play around, have fun and see which plugins are best.
Von’s already done that, here are some malware removal tips at a glance:
- Delete old themes and plugins
- Replace two of the three major WordPress folders
- Backup website often so you can easily restore PRE hack
- Review users on wordpress website, double-check and delete any extra admin users
- *upgrade latest version of plugins and wordpress core (non beta)
- updates can break perfectly working websites, be careful…
- Download entire wordpress website to your PC, perform local virus / malware scan and re-upload
- Drag & drop old (potentially infected folder) into a subfolder outside of
public_html - FTP into website and make sure you don’t have folder OR file permission set to 755