How to detect and clean malware in WordPress

Posted on

Today the presence of malware in WordPress is becoming more and more usual. That is why we decided to dedicate this post to talk about methods to not only detect malware in WordPress, but also eliminate it.

First of all, it is very important to do, if we do not have a backup, so we make sure that if we change something then affects us negatively, we can regain our good performance from backup.

How to detect and clean malware in WordPress

One of the most important things we must do if we suspect we have vulnerabilities is to change all passwords, both access to WordPress as cPanel in case you have, the FTP, etc.

In this way we avoid the site is hacked again and / or violated by that means, and we can start properly with the detection and removal of malicious content by contacting with a WordPress malware removal service. It is also important, in the case of having a cache plugin, remove it so that no trace of the malicious files once the have removed.

Detecting malware on WordPress

The first step to get rid of malware is to know where you are and where you came from. We are going to take several steps, and we will conduct thorough scans on our site, so that we avoid overlook any malicious file.So the first step is to scan the site in general.

Scanning our web

To find malware in WordPress we will install the plugin Sucuri Security . Once installed, activated and generated the key that is needed to function properly, we are able to do a scan on our site.

Scanning methods

Scanning with plugins:

  • In order to scan our site Sucuri Security must go to the section “Sucuri Security” on our menu and select “Malware Scan”, there we press the “Scan Website” button and let the plugin do its very important trabajo.Es take that although this plugin will show a list of malicious files (if you find one), you can also show false positives, so we have to check ourselves each and evaluate them separately.
  • If this plugin not find anything we have several alternatives: WP Site Protection Antivirus , Anti-Malware Security and Brute-Force Protection ,  Wordfence Security , Quttera Web Malware Scanner , among others. Eye, must not install all at once, remember our article on  plugins and vulnerabilities , where we mentioned that we should not install plugins massively if not then we will use them .

Scan online:

  • Should plugins find malicious files, what we can do is go to other very efficient to detect malware in WordPress ways, such as online scanning sites:  Virustotal , Quttera , Google , Sucuri , etc. And if we activate the tool  Webmaster Google can also consult the section “Problems of Security”.

Other forms of scan:

  • Another way to quickly detect potentially dangerous files is accessed via FTP and list our files by date modified, as can already imagine the past that have changed are probably those who have injected malware or malicious are in their entirety.
  • FTP can download an entire folder, for example “wp-content”, and scan it with an antivirus desktop.We can even unburden the official directory of WordPress to compare files and more easily know what are malicious.

Cleaning malware on WordPress

And how do we do this? The answer in this case may vary depending on the type of hacking, but basically we delete all those files containing unreadable code, suspicious, or files that do not correspond to the installation of WordPress, plugins, themes or not you have added.

Another common detail in the malware are lines that contain the following directives:  base64_decode andeval (and eye back with false positives). Remember to check each file carefully because the code can be hidden in unexpected places, such as in the first line or the last, sometimes even after countless spaces.

Check database

Once our files are clean we confirm that our database is clean: first access it and we check that there are no unknown users, since most of the time when a site is hacked, add users with administrator privileges. If it is so, it is best to restore a previous backup of the database, and that modifying our database we risk ruining our entire site. But if we leave it alone, or we do not have another backup, what we must do at least it is to eliminate all users that are not ours.


As we have seen there are several ways to detect malware in WordPress, including plugins, online scans, reviews and scanning via FTP from the desktop. The deletion process actually easier because simply remove the detected malicious files and clean lines that are injected. And remember to have the support hand if deleting something your site to stop working.

Leave a Reply

Your email address will not be published. Required fields are marked *