WordPress Tutorial

How to Clean up Infected WordPress Using WordFence Plugin

Introduction

Since WordPress is one of the most popular open-source CMSs, it’s no surprise that it’s a frequent target for hackers. Your WordPress installation can be hacked in a few ways: someone can steal your login information, your theme’s code can contain errors, or the WordPress installation itself can have an exploitable flaw. Whatever the case, do not worry. There are a few solutions that can help you, and in this tutorial you will learn how to remove malware from a WordPress site using the Wordfence plugin.

What you’ll need

  • Access to your WordPress Admin Area

Step 1 — Backup your website and databases

In these cases, it’s crucial to make backups. Anything can go wrong. You can accidentally remove or corrupt your files. Here’s a detailed guide on how to back up your website with cPanel or manually.

Step 2 — Scan your WordPress installation with WordFence

There are quite a few plugins available that can help you scan your WordPress website for malicious files and signs of intrusion. WordFence is a great example. The plugin offers a lot of settings to choose from, such as a scan option, a firewall and a blocking feature. It can check your website for signs of intrusion and can help secure your WordPress installation against future security breaches. It can also help you restore infected or modified files on your website.

  1. Download and install WordFence. You can find a quick guide on how to install plugins for WordPress here.
  2. Once you install and activate your WordFence plugin, it will become available on your Dashboard in the Admin Area. Access the Options menu within the WordFence plugin.
  3. In the Options menu, you will find the Scans to include section. You can set your scan options here. You can enable the plugin to check your installed plugins/themes and compare them to the ones found on WordPress.org. You can also enable scanning for infected files located outside of the WordPress installation, as well as checking your images for executable code within them. Select the options you wish to include in your scan and click Save Changes.
  4. Access the Scan menu within your WordFence plugin that’s located on your Dashboard.
  5. In the scan window, click Start a Wordfence scan to start the scan. The scan can take a while depending on the size of your website, so wait for it to complete. The scan will let you know once it’s done in the Scan Summary.
  6. If the plugin finds any infected files, it will let you know in the summary or at the bottom of the scan page.

Depending on the file, you may need to remove it or to extract the malicious code from it (if it’s inserted into a legitimate file or a file you wish to keep).

Step 3 — Refresh your WordPress installation (optional)

If the plugin fails to detect malicious code on your website or you still can’t remove the malware from WordPress, you can just refresh your WordPress installation.

  1. Access your WordPress installation folder either through an FTP client or a File manager. Remove everything except for the wp-content folder and the wp-config.php file. After you remove everything, the folder should contain only those two items.
  2. Access your wp-content folder and check your Plugins and Themes folders. Make sure you are using all the plugins and themes you see there, and it’s definitely you who installed them. It’s advised to remove any unused plugins and themes.
  3. Download the latest installation of WordPress.
  4. Upload the new files to your previous WordPress installation folder. Make sure you keep your original wp-content folder and wp-config.php file.
  5. Access your website to see if everything is working as it was previously. If there are no issues, that’s it!
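
The Step 3 procedure as a shell script, for sites with SSH access. This is an added example, not part of the original tutorial: the function names and paths are hypothetical, it assumes the latest WordPress archive has already been downloaded and extracted, and it needs a `find` that supports `-mindepth`/`-maxdepth`.

```shell
#!/bin/sh
# Added example: Step 3 (refresh the WordPress installation) as a script.
# Usage: sh refresh.sh /path/to/site /path/to/extracted/wordpress
# Run it only after the Step 1 backup exists.

# Item 2: list installed plugins and themes so each one can be reviewed by hand.
list_wp_extensions() {
    for kind in plugins themes; do
        for entry in "$1/wp-content/$kind"/*; do
            if [ -e "$entry" ]; then
                echo "$kind/$(basename "$entry")"
            fi
        done
    done
    return 0
}

# Items 1 and 4: remove old core files, then copy in the fresh ones.
refresh_wp_core() {
    site=$1
    fresh=$2
    # Refuse to delete anything unless both directories look as expected.
    if [ ! -f "$site/wp-config.php" ] || [ ! -d "$site/wp-content" ]; then
        echo "not a WordPress install: $site" >&2
        return 1
    fi
    if [ ! -f "$fresh/wp-includes/version.php" ]; then
        echo "not a fresh WordPress copy: $fresh" >&2
        return 1
    fi
    # Remove everything, hidden files such as .htaccess included,
    # except wp-content and wp-config.php.
    find "$site" -mindepth 1 -maxdepth 1 \
        ! -name wp-content ! -name wp-config.php -exec rm -rf -- {} +
    # Copy the new core files; never overwrite the kept folder or config.
    for entry in "$fresh"/*; do
        case $(basename "$entry") in
            wp-content|wp-config.php) continue ;;
        esac
        cp -R "$entry" "$site/"
    done
}

if [ "$#" -eq 2 ]; then
    list_wp_extensions "$1"
    refresh_wp_core "$1" "$2"
fi
```

The script only lists plugins and themes; deciding which ones to remove is still a manual review, as in item 2.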

Conclusion

In this tutorial, you have learned how to scan a WordPress site and remove malware from it with the help of the Wordfence plugin. If all else fails, you also know how to refresh your WordPress installation and remove any possibly infected files. To avoid such issues, you should always secure your website.