Removing Malware from WordPress / Security Essentials for Every WordPress Site

Wordfence Security is one of the essential WordPress security plugins every WP site must have. You can find brief information about the plugin by clicking on the link above.

Now let’s start with the actual topic!!

The first and most important thing is to back up your site. Here’s why:

Once you’ve ascertained that you’ve been hacked, back up your site immediately. Use your hosting provider’s backup system or a backup plugin to download a copy of your entire website. You need to do this because many hosting providers will immediately delete your entire site if you report that it has been hacked or if they detect this. Sounds crazy, but this is standard procedure in some cases to prevent other systems on their network from getting infected.

Make sure you also back up your website database. Backing up your files and database should be your first priority. Get this done, then you can safely move on to the next step of cleaning your site, comfortable in the knowledge that at least you have a copy of your hacked site and you won’t lose everything.

Things you should know before cleaning a WordPress site that has malware or has been hacked:

    1. Watch out for old WordPress installations and backups. Sometimes you back up a copy of all your site files into a subdirectory like ‘old/’ that is accessible from the web. This backup is not maintained, and even though your main site is secure, a hacker can get in there, infect it and access your main site from the backdoor they planted. So never leave old WordPress installations lying around, and if you do get hacked, check those first because it’s likely they are full of malware.
    2. Once you’ve installed the Wordfence Security plugin, go to the Wordfence options page and make sure that under the “Scans to include” heading, absolutely everything is selected, including the option to scan files outside your WordPress installation. (This will obviously make the scan take a bit more time.)

    3. Go to the Wordfence scan page and run a full scan to clean your site. This step is important because Wordfence does some very advanced searching for infections. There you’ll see the entire history of the malware and unwanted malicious files that have been added to your site.

  1. Examine any suspicious files and either edit or delete them. Remember that you can’t undo deletions. But as long as you took the backup we recommended above, you can always restore a file if you delete the wrong thing.
  2. Upgrade your site to the newest version of WordPress. (Follow the steps given below.)
    1. Manually download the newest version of WordPress from https://wordpress.org/
    2. Upload the zip file to the root directory (public_html).
    3. Delete all files and folders from your root directory (public_html) except wp-content, wp-config.php, and any other files or folders that hold your site’s data, e.g. Google verification .html files or Zoho verification folders.
    4. Now extract the WordPress zip file and move all the files and folders except wp-content and wp-config.php from the extracted WordPress folder to the root directory or the subdirectory where you’ve placed your site data (the same directory where your wp-content and wp-config.php are located).
  3. Upgrade all your themes and plugins to their newest versions.
    1. You can upgrade all your plugins at once by using the plugin https://wordpress.org/plugins/baw-force-plugin-updates/
    2. Once you’ve installed the above plugin, go to Installed Plugins and select all the plugins.
    3. Now right-click anywhere on the screen and click Inspect. Once DevTools opens, go to Settings (as shown below), scroll down to Debugger, and check the Disable JavaScript option.
    4. Now go to Bulk actions on your dashboard, select Update and click Apply.
  4. Delete Unused Themes and Plugins!
  5. Change all passwords on the site, especially admin passwords.
  6. Slowly work your way through the list until it is empty.
  7. You can usually delete anything that seems malicious in the root directory (public_html).
  8. Run another scan and confirm your site is clean.
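
The manual core upgrade in step 2 above as a shell function, added here as an example and not part of the original post. It assumes the WordPress zip has already been extracted to a separate directory and that the backup described earlier exists; `replace_core` and the file names in the usage line are hypothetical.

```shell
#!/bin/sh
# Added example (not the post's own code). Run only after the backup is taken.
# replace_core DOCROOT NEW_WP [KEEP...]
#   DOCROOT  live site directory (contains wp-config.php)
#   NEW_WP   freshly extracted WordPress directory
#   KEEP     extra top-level names to preserve, e.g. verification files
replace_core() (
    # Body runs in a subshell so its variables do not leak to the caller.
    [ "$#" -ge 2 ] || { echo "usage: replace_core DOCROOT NEW_WP [KEEP...]" >&2; exit 2; }
    docroot=${1%/}; new_wp=${2%/}; shift 2
    # Refuse to touch anything unless both directories look right.
    [ -f "$docroot/wp-config.php" ] ||
        { echo "no wp-config.php in $docroot" >&2; exit 1; }
    [ -f "$new_wp/wp-includes/version.php" ] ||
        { echo "$new_wp is not a WordPress tree" >&2; exit 1; }

    # Step 3: delete everything except wp-content, wp-config.php and KEEP.
    # The second glob covers dotfiles, which the scan may also have flagged.
    for entry in "$docroot"/* "$docroot"/.[!.]*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        name=${entry##*/}
        keep=no
        for k in wp-content wp-config.php "$@"; do
            if [ "$name" = "$k" ]; then keep=yes; fi
        done
        [ "$keep" = yes ] || rm -rf -- "$entry"
    done

    # Step 4: copy the fresh core in, never overwriting wp-content or wp-config.php.
    for entry in "$new_wp"/* "$new_wp"/.[!.]*; do
        [ -e "$entry" ] || continue
        case ${entry##*/} in
            wp-content|wp-config.php) continue ;;
        esac
        cp -R -- "$entry" "$docroot/"
    done
)

# Usage: replace_core /home/example/public_html /home/example/wordpress google123.html
```

Anything not named in KEEP is deleted, including `.htaccess`, so list every file that holds site data before running it.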


 

If Google Chrome still gives the malware warning after you have cleaned the hacked WordPress site:

You need to get your site removed from the Google Safe Browsing list. Read this Google document on how to clean your site. Here are the steps:

  1. First, sign in to Google Webmaster Tools.
  2. Add your site if you haven’t already.
  3. Verify your site, following Google’s instructions.
  4. On the Webmaster Tools home page, select your site.
  5. Click Site status, and then click Malware.
  6. Click Request a review.

If you are getting warnings from other security products and anti-virus systems:

You need to keep a list of every anti-virus product that is saying your site is infected. This may include products like ESET anti-virus, McAfee’s Site Advisor and others. Visit each anti-virus maker’s website and find their instructions for removing your site from their list of dangerous sites. This is often called “whitelisting” by anti-virus makers, so Googling for terms like ‘whitelisting’, ‘site removal’, ‘false positive’ and the product name will usually lead you to the place where you can get your site removed.

You can manually check whether your site is listed on Google’s Safe Browsing list by visiting https://transparencyreport.google.com/safe-browsing/search

Follow the given steps once your site is clean:

Congratulations if you have managed to clean your site. Now you need to make darn sure it doesn’t get hacked again. Here’s how:

  • Install Wordfence and run regular scans on your WordPress site.
  • Make sure WordPress and all plugins and themes are kept up to date. This is the most important thing you can do to secure your site.
  • Make sure you use strong passwords that are hard to guess.
  • Get rid of all old WordPress installations lying around on your server.
  • Check all the required critical scans and alerts in the Wordfence options.
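
Added example (not from the original post) for the warning about old installations at the start of the cleanup and in the checklist above: shell functions that list every copy of WordPress core under a web root with its version, so forgotten installs such as ‘old/’ can be found and removed. The function names and the usage path are hypothetical.

```shell
#!/bin/sh
# Added example, not the post's own code. Real wp-includes/version.php files
# carry a line such as:  $wp_version = '6.4.3';

# Print "<version><TAB><install dir>" for every copy of WordPress core under $1.
# Paths containing newlines are not handled.
find_wp_installs() {
    find "${1%/}" -type f -path '*/wp-includes/version.php' |
    while IFS= read -r vfile; do
        dir=${vfile%/wp-includes/version.php}
        # Split on single quotes; field 2 is the version string.
        ver=$(awk -F"'" '/^[ \t]*\$wp_version[ \t]*=/ { print $2; exit }' "$vfile")
        # A tampered or truncated version.php is reported as "unknown".
        printf '%s\t%s\n' "${ver:-unknown}" "$dir"
    done
}

# Same list minus the main site: every remaining line is an install that is
# reachable from the web and probably unmaintained.
find_stray_installs() {
    webroot=${1%/}
    find_wp_installs "$webroot" |
        awk -F'\t' -v main="$webroot" '$2 != main' |
        sort
}

# Usage: find_stray_installs /home/example/public_html
```

Each reported directory should be scanned first and then removed from the web root if it is not a site you actively maintain.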