How to Remove Malware from Your WordPress Site

Keeping your WordPress website safe from malware is very important. Malware is a type of software that can damage your site, steal information, and cause problems.

If your WordPress site gets infected with malware, you need to act quickly to fix the problem and protect your website. This guide will show you how to find and remove malware from your WordPress site, so you can keep it safe and secure.


How do I scan my WordPress site for hidden malware?

Use a security plugin like Wordfence, Sucuri Security, or MalCare. These plugins offer comprehensive scanning tools to detect malware. Alternatively, use remote scanning services like SiteCheck by Sucuri.

How do I remove malware from my website?

Install a security plugin that includes malware removal functionalities, or manually remove the malware by deleting infected files and malicious code. For thorough cleanup, restore your website from a clean backup and update all software. Consider professional malware removal services if needed.

How do I remove a Trojan from my WordPress site?

Identify the infected files using a security plugin or malware scanning tool. Remove the files or clean them by deleting the malicious code. Strengthen your site’s security by updating WordPress, themes, and plugins to their latest versions and changing all passwords.

How do I secure my WordPress site?

Regularly update WordPress, themes, and plugins. Use strong passwords and enable two-factor authentication. Install a security plugin and set up a web application firewall (WAF). Regularly backup your site and monitor your site’s activity for any unusual changes.

Understanding malware and its impact on WordPress sites

Malware, or malicious software, takes various forms, and each type can significantly compromise your WordPress site’s integrity, security, and performance. Recognizing the types of malware and their potential impact on your site is the first step toward maintaining a safe online presence.

Types of malware affecting WordPress

Viruses and worms are malware types that replicate themselves and spread from one file to another across your system, leading to performance degradation or complete site malfunction.

Trojans disguise themselves as benign files, but once installed, they create backdoors for unauthorized access to your site.

Spyware gathers information about you without consent, potentially leading to privacy breaches.

Lastly, ransomware can lock you out of your site, demanding payment to restore access.

How malware affects your WordPress site

An infected site can suffer from reduced performance, with malware consuming resources. Your website could become a source of infection, spreading malware to visitors, which is disastrous for your online reputation.

Security threats such as stolen data, fraudulent activities, or defacement can lead to severe damage to both your personal and brand’s reputation and trustworthiness.

Initial steps to take when you suspect malware

When you notice unusual activity on your WordPress site, it’s crucial to act promptly to mitigate any potential damage.

Signs of malware infection

Malware can manifest in various ways. Check for unusual traffic patterns, suspicious files, and unauthorized access to your admin area. Look out for malicious redirects, which may indicate your site is compromised. Running a security scan can help you pinpoint these signs effectively.

Common red flags include:

  • Slow website performance or frequent crashes.
  • Unexpected pop-up ads or spammy content appearing on the site.
  • Sudden drop in website traffic or changes in traffic sources.
  • Alerts from search engines or security tools indicating that your site is compromised.
  • Unauthorized changes to files or the appearance of unknown files and scripts.

Take your site offline

Taking your site offline during the cleanup process can prevent malware from spreading. Back up your site before going offline, but be cautious as backups can contain infected files. To temporarily disable your site, you can use a .htaccess rule or a plugin designed for maintenance mode.

Contact your hosting provider

Reach out to your hosting provider for assistance. They can provide you with specific instructions or assistance in dealing with the infection. Moreover, your hosting provider might have noticed the compromise earlier and can offer insight into the nature of the malware infection on their servers.

10Web offers a free malware removal program for all websites hosted on 10Web. Make sure to reach out to our customer support in case you suspect malware.

Assessing the extent of the infection

When dealing with a malware infection on a WordPress site, accurately assessing the extent of the infection is critical to effectively cleaning and securing the site.

Review server logs

Server logs can provide detailed insights into the activities on your site, helping to identify any malicious access or behavior:

Access logs: Look for unusual access patterns or an increased number of requests from suspicious IP addresses.

Error logs: Check for frequent error messages that could indicate attempts to exploit vulnerabilities.

10Web users can access their logs in their 10Web dashboard under Hosting Services > Logs.

Logs in the 10Web dashboard.

Check user roles and permissions

Examine the user roles and permissions to ensure there are no unauthorized accounts or changes to existing accounts:

  • Ensure that only trusted users have administrative privileges.
  • Look for any accounts that were unexpectedly created or modified around the time the infection was detected.

Manual inspection of files

While security plugins can detect many issues, a manual inspection of files can sometimes uncover hidden or sophisticated malware:

Core files: Verify that core WordPress files haven’t been tampered with by comparing them with a fresh download from

Theme and plugin files: Check themes and plugins against clean versions from official sources or your own recent backups.

Uploads and other directories: Look into the uploads directory and other writable folders for scripts or executable files that hackers often plant there.

Analyze outbound connections

Monitoring outbound connections can help identify if your site is being used to send spam or communicate with a command and control server:

  • Use tools that can monitor and log outbound traffic from your website.
  • Check if there are recurring requests to unknown or suspicious domains.

Once the assessment is complete, categorize the findings based on their severity and potential impact. This will guide you in prioritizing the cleanup process and deciding whether you can handle it internally or need professional help.

Throughout the assessment phase, keep detailed records of all findings and actions taken. This documentation can be invaluable for future reference, legal purposes, or if you need to escalate the issue to cybersecurity professionals.

Cleaning infected WordPress components

Before diving into the specifics, it’s essential to understand that maintaining a clean WordPress environment is critical for your website’s security and integrity. In the unfortunate event that your site does become compromised, you’ll need to methodically clean infected themes, plugins, and files, and ensure that your database is free from malware.

Remove infected themes and plugins

The first step is to identify and remove any infected themes and plugins. Access your site via the File Manager in your hosting control panel or through an FTP client. Here’s what you need to do:

Removing infected themes and plugins via FTP.

  1. Navigate to the wp-content folder.
  2. Within wp-content, identify the themes and plugins folders.
  3. Look for any recently modified files that you did not change yourself as these could be compromised.
  4. Remove any malicious files you find. If the entire theme or plugin is infected, delete the entire folder.

Important: Refrain from using the WordPress admin panel to uninstall as this might not remove all the malicious files.

Clean infected files and database

Once the themes and plugins are addressed, focus on cleaning your files and database. This requires a meticulous approach:

Files: Use your File Manager or FTP client to review WordPress core files. Pay attention to the wp-content folder, as it’s a common location for malware to hide.WP content folder in FTP

  1. Look for any files that are out of place or contain suspicious code.
  2. Pay extra attention to .php files or hidden files (often starting with a ‘.’ like .htaccess).

Database: For the database clean-up, log into your database administration panel such as phpMyAdmin.

Checking database wp options and wp users tables for malware.

  1. Backup your database before making any changes.
  2. Search for suspicious entries, particularly in the wp_options and wp_users tables.
  3. Remove any malicious content you discover.

A malware removal plugin such as Wordfence can help automate some of these processes, but manual checks are still advisable for thoroughness.

Update WordPress core, plugins, and themes

After you’ve removed the malware, it’s vital to update all components of your WordPress site. An outdated WordPress version, theme, or plugin can leave your site vulnerable to attacks. Perform these updates:

Updates page in the WordPress dashboard.

  1. Navigate to your Dashboard and go to Updates.
  2. Update to the latest WordPress version if available.
  3. Update all themes and plugins to their latest versions.

Remember, keeping everything updated is one of the best preventative measures against future security threats.

Restore your site from a backup

If you have website backups, you can use them to restore your site to a state before the malware. 10Web automatically makes backups of your website every day. These backups are called restore points. You can restore your website using one of the restore points, or if you have made a complete backup of your website, you can restore from that backup. Here is how to restore your site in 10Web:

Restoring website from restore points in the 10Web dashboard.

  1. Log in to your 10Web dashboard.
  2. Click on the website that you want to restore.
  3. Navigate to Hosting Services > Restore Points.
  4. From the list, find the date that you want to restore your website to and click Restore.
  5. A confirmation popup will appear, click Restore again to confirm.

Confirming the restoration to a previous version.

Ensure that all WordPress plugins, themes, and core files are updated after restoration, as these updates often contain security enhancements.

Securing your WordPress site post-recovery

After successfully removing malware from your WordPress site, it is crucial to take measures to enhance security and prevent future infections.

Change all passwords

Begin by resetting all your passwords. This includes your WordPress admin account, database, FTP accounts, and hosting account. Use strong passwords that are a mix of upper and lower case letters, numbers, and special characters.

  • Admin Accounts: Ensure all user accounts with admin privileges have new, strong passwords.
  • Database: If possible, change the database user and password, and update your wp-config.php file accordingly.
  • Hosting Control Panel: Change passwords used for accessing your hosting environment.

Create new passwords regularly and avoid using the same password across different services.

Implement strong security measures

Strengthen your defenses by installing reputable WordPress security plugins. These plugins can help in:

  • Implementing a web application firewall (WAF) to block malicious traffic before it reaches your site.
  • Setting up regular scans to detect any potential security threats or intrusions.
  • Limiting login attempts to protect against brute force attacks.

Consider these actions:

  1. Install security plugins like Wordfence or Sucuri.
  2. Enable two-factor authentication for an additional security layer.
  3. Set correct file permissions and ensure your hosting environment is configured securely.

Monitor your site regularly

Regular monitoring of your site enables early detection of suspicious activities. Set up systems that alert you when there are:

  • Unexpected changes to your files.
  • Login attempts from unfamiliar locations.
  • Outdated themes or plugins, as these can be vectors for attacks.

Use your security plugin’s monitoring features and consider a service that performs regular scans of your website to check for malware. Keeping a close eye on your site helps you respond quickly to any security issues that may arise.

Preventive measures

Keeping your WordPress site safe requires you to be proactive. Here’s how you can fortify your website and stay a step ahead of potential threats.

Maintain regular backups

Backups are essential safety nets for your website. It’s crucial to regularly backup all of your WordPress files and databases. Implement a backup solution that enables both scheduled and on-demand backups, and store these backups in multiple secure locations. For added efficiency, use plugins that automate the process, ensuring you always have a recent backup to restore from in case of malware infection.

Educate yourself and your team about security

Education is a powerful tool against cyber threats. Make sure you and your team are aware of the latest security risks and best practices. Attend webinars, participate in online forums, and subscribe to security blogs. By staying informed, you reduce the risk of falling prey to new malware and social engineering tactics that could jeopardize your WordPress site.

Keep your WordPress system updated

The WordPress CMS is dynamic, with developers consistently releasing updates to patch security vulnerabilities. Ensure that you regularly update all aspects of your system – the core, plugins, and themes. Consider using a WordPress security scanner to check for vulnerabilities and to remind you about updates. This will keep your site fortified with the latest security measures, making it much harder for hackers to exploit outdated software.

Professional help and resources

When dealing with malware on your WordPress site, it can be reassuring to know that professional assistance and robust tools are readily available to help you secure your site.

If you’re facing a tough malware infection, enlisting the help of expert malware removal services can be a wise decision. These services typically offer:

  • Complete site cleanups, ensuring that all traces of malware are removed.
  • Continuous monitoring, to catch any future attempts of malware intrusion.

Professional services often provide guarantees for their work, which means if the malware reappears, they’ll handle the cleanup again at no extra charge.

10Web has a 24/7 malware monitoring service and provides a free malware removal service to sites that have been hacked.

Utilizing security plugins and external services

For ongoing protection, consider leveraging powerful security plugins and services that can minimize your vulnerability to attacks:

  • MalCare: Detects and cleans up malware with an easy-to-use plugin.
  • Sucuri SiteCheck: Offers a remote scanning service to detect malware and security issues.
  • Malwarebytes: Known for its malware removal capabilities on various platforms.

Using these tools, you can maintain a strong defense against malware and enhance the security of your WordPress site. Remember, preventive measures are just as crucial as remediation, so keep your security plugins updated and run regular scans.


Securing your WordPress website from malware is an essential step to protect both your brand and reputation. Malware can compromise the security of your site, and prompt removal is crucial to avoid long-term damage.

  • Regularly update your WordPress, themes, and plugins.
  • Back up your site frequently to ensure you can restore it to a clean state if necessary.
  • Use security plugins to continually scan for and eliminate threats.
  • Monitor your site’s activity with security auditing tools to detect any suspicious changes promptly.

By adhering to these security practices, you ensure the safety of your website and maintain the trust of your visitors. 

Simplify WordPress with 10Web

Share article

Leave a comment

Your email address will not be published. Required fields are marked *

Your email address will never be published or shared. Required fields are marked *


Name *