How to Remove Malware from WordPress Blog

Has your WordPress blog been infected with malware? If yes, don’t panic and follow this step by step guide to clean the malware from WordPress.

Change all Passwords

First of all change all passwords related with your WordPress;

• Hosting control panel password
• Domain panel password
• FTP passwords
• Database password ( update it in wp-config.php too after password change )

Backup Database

Quickly take backup of your blog database using two methods;

1. Using phpMyadmin
2. Using WordPress dashboard >> Tools >> Export

Backup Uploads

Download your wp-content/uploads/ folder

Delete following files

Login to Hosting file manager and delete the following;

• Delete all plugins
• Delete all themes other than default WordPress theme
• Delete any other file other than WordPress core files
• Delete cache files
• Delete .htaccess file

Start Operation

• Now download the fresh copy of WordPress and extract it on your PC
• Use FileZilla to upload all these files and replace all old files of WordPress
• Now enter your database information in your new wp-config.php file
• Now install and activate all essential plugins
• Now install and activate your desired theme

• After refreshing the account install fresh copy of WordPress and import the database using phpMyadmin or using WordPress Dashboard >> Tools > Import > WordPress XML backup file you have created in second step
• Then upload your backed up uploads folder

Notes-

• Keep your PC always malware free to avoid further hacking
• Keep your WordPress security tight using essential plugins ( Read here )
• Do not use outdated browsers to login your WordPress

Related terms

WordPress blog hacked What to do?