How to Get Rid of Malware on WordPress Site

Posted In: Web Designing, Wordpress on Jun, 14 2012

For the last couple of weeks this freelancing blog was offline due to a malware attack and I was worried sick! A lot of people from Bangladesh, the Philippines, and India come to this site daily to learn about oDesk and freelancing in general. So it was a little disappointing that they had to go away. Anyway, yesterday I was finally able to get rid of the hacker’s malicious code and remove the malware from this WordPress site. I am writing this post to help freelance WordPress developers and site owners, so that they can get some idea of what to do when their site has been compromised by malware!

How to Remove Malware from WordPress Site

  • I first knew that my site had malware when Google emailed me saying that the site may be infected with malware. How did they get my email address? Google sends emails to all the possible admin email IDs of a site, for example, support@example.com, contact@example.com, info, about, admin, webmaster etc.
  • Then I did a bit of googling to find out the best way to remove the malware from my WordPress blog. As usual, I found a lot of information, but none of it seemed to work 100% with my case. So I implemented a “mixed approach” and that worked.
  • First, I logged into my HostMonster cPanel (which is by far the best hosting I have ever used), changed all my passwords, and created a full backup of my server.
  • Then I updated/reinstalled the version of WordPress on the site using SimpleScripts. I hope this step removed any malicious code within the core WordPress PHP or JS files.
  • After that, I logged in to the FTP and removed any unnecessary folders that I had inside the public_html folder. As I am a developer, I had a lot of client demo files which I didn’t need any more. So I deleted those. Though HostMonster provides unlimited bandwidth and space, I didn’t want to clutter the server and give the hackers an extra file to mess with.
  • Then I downloaded all the remaining files from the public_html folder to a folder on my desktop.
  • I know that hackers mainly inject malicious code into core WordPress files, theme files, and the update and upgrade folders. So I carefully looked in each of the folders and files for any unwanted or weird file, or any PHP file with a very long piece of code! I found 2 files under the CSS folder and the Upload folder, which I deleted. The malicious files can be named amazingsocks.php, kdips.php, survey_runtime.php, dom.php. Please note that malicious code can be inside individual PHP files too, like index.php, header.php etc.
  • I deleted those files from my computer and also from the FTP.
  • I logged in to the WordPress admin panel and looked under the “user” tab. I saw that there were 2 other administrators present on the site. They were the hackers’ accounts. I deleted those and also changed my WordPress password.
  • I removed any unnecessary plugins or the plugins that I did not need anymore. Plugins are an easy target for the hackers.
  • After that I was hopeful that my WordPress site was now clean and I requested a review from Google.
  • Within a few hours this site came back LIVE and I was very happy!
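The manual file review in the steps above can be partly automated once public_html has been downloaded. The following is an added example, not code from the original post: it walks a local copy and lists PHP files that match the signs described there (one of the file names given in the post, a PHP file inside a CSS or upload folder, or a very long line of code). The folder list and the length threshold are assumptions, and a hit only means the file deserves a manual look.

```python
import os
import tempfile

# File names reported in the post; indicators only, not a complete list.
KNOWN_BAD_NAMES = {"amazingsocks.php", "kdips.php", "survey_runtime.php", "dom.php"}
STATIC_DIRS = {"css", "uploads", "images"}  # assumption: should hold no PHP
LONG_LINE = 2000  # assumption: bytes on one line that warrant a manual look

def scan_tree(root):
    """Return {relative_path: [reasons]} for PHP files that deserve manual review."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            reasons = []
            if name.lower() in KNOWN_BAD_NAMES:
                reasons.append("name listed in the post")
            if {p.lower() for p in rel.split("/")[:-1]} & STATIC_DIRS:
                reasons.append("PHP file in a static-asset folder")
            with open(path, "rb") as fh:
                longest = max((len(line) for line in fh), default=0)
            if longest > LONG_LINE:
                reasons.append(f"very long line ({longest} bytes)")
            if reasons:
                findings[rel] = reasons
    return findings

def build_sample_tree(root):
    """Write a constructed sample: a tiny stand-in for a downloaded public_html."""
    samples = {
        "index.php": b"<?php require 'wp-blog-header.php';\n",
        "wp-content/themes/demo/header.php": b"<?php ?>" + b"A" * 5000 + b"\n",
        "wp-content/themes/demo/css/dom.php": b"<?php // placeholder\n",
        "wp-content/uploads/2012/06/photo.jpg": b"\xff\xd8\xff",
    }
    for rel, data in samples.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, reasons in sorted(scan_tree(tmp).items()):
            print(f"{rel}: {'; '.join(reasons)}")
```

To check a real download, call `scan_tree` with the path of the local copy instead of the constructed sample tree.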

WordPress Malware Plugin

Though I personally don’t use these plugins, I did a little Google search and thought I should mention these WordPress malware plugins so that you can consider them as well. These WordPress malware plugins are supposed to keep your site clean!

  • Sucuri Sitecheck Malware Scanner
  • WPAntivirus.com
  • Secure WordPress

As professional freelancers, it is our duty to keep our computers free from viruses and our servers free from malware. Please let me know if this article helped you!

Cheers!