How-to: Remove Malware from WordPress
Malware, or malicious software, is any application or document that’s harmful to a computer user. Malware contains computer viruses, worms, Trojan horses and spyware.
Time needed: 3 minutes.
Stop Malware from taking over your website.
- Backup your websiteIf you make a mistake, your website is gone forever. So back it up somewhere safe!
- Download WordPressDownload a fresh copy of WordPress.ORG: official site.
- Eliminating the MalwareLogin into your website via FTP
You should see a bunch of files that look similar to this:
Delete everything except for the wp-content folder and the wp-config.php file.
I repeat: DO NOT, by any circumstances delete wp-content or wp-config!
Now your folder should look pretty empty, with only these two left
Check the files and folders for random / odd looking code.
In wp-content folder. You should see:
Delete and upload a fresh copy of your plugins.
Remove any themes you aren’t currently using.
Be careful that you don’t permanently remove any parent themes used by children themes.
- Upload WordPressUpload everything in the fresh WordPress download except for wp-content (this is the file you downloaded in step 1)
I repeat: DO NOT replace / overwrite the wp-content folder. I normally delete from my computer so I don’t accidentally upload it to the server.
- Change Passwords + remove unrecognized users.Change the passwords for your users. Removing any users you do not recognize.