Steps to Complete WordPress Malware Removal Process

We are influencers and brand affiliates.  This post contains affiliate links, most which go to Amazon and are Geo-Affiliate links to nearest Amazon store.


I bet the recent news about more than 200,000 websites being attacked through a recaptcha plugin didn’t pass your ears, or did it? A lot of websites were infected by this malware or maybe yours was also among them.

This shows how much security is always an important thing but the big question is, how do we go about it? Don’t be tempted to think that having securing your WordPress site is something that you can do in a day and be done with it.

Actually, this is what most of us usually do. It is always a good practice to add a security plugin in that your monthly maintenance list for plugins. But, if your security is breached and you get attacked, the following steps will help you to get through your WordPress malware removal process.

1. Scan the site first

Scanning the site will allow you to check and see if you have a security breach or not. These hacks usually comes in different forms, some might be quite brutal while others are just minor.

For instance, that recent hack is an example of a brutal attack. If you start seeing some malicious redirects in your site then you might be under an attack as this is one of the common symptoms shown by hacked sites. You need to scan the site and try to find the malware.

2. Backing up

It is also a good practice to always be doing your site backup regularly. This way, you will be reducing the chances of losing your data by a greater percentage.

This also allows you to be able to take back your site to the state it was initially before it got hacked. You should be checking to see if the last back up you have is outdated and the do a backup of the current site.

This will also help you to still have access to the uninfected files and use them.

3. Check the files after backup

First, in your site backups, you should be able to find out which version is infected and which one is still free from the malware.

Of course you will want to check the uninfected files, right? Check them to see the kind of information they contain and note down the details you are missing.

If you kept another copy of the missing data somewhere, good for you. But, if you have no other copy then you have no choice but to work on a new file.

4. Format the WordPress folder

Now you can go ahead and format this folder to make sure your site is clean again. Doing this is pretty simple, all you need to do is login to the cPanel and go directly to where WordPress was installed.

By formatting this folder, you are allowing everything to be deleted thus you should only do it if you are sure you really want to do it. If you had installed it in a different location, you can as well navigate to it and delete the WordPress files.

5. Install WordPress again

Almost all the hosting providers for WordPress now provides and option that can see you install WordPress in just one click.

You can also find an online guide on how to go about the process just in case you experience some challenges during the installation.

6. Change your password

When you choose to do the re-installation using the one-click option, you will also be prompted to set a password.

For security purposes, it is usually advised that create a new password and not to use a password that you’ve used before.


7. Install the plugins and themes

You might have realized that your site still runs a 2017 theme as a default theme. Well, you have the freedom to choose between using your backup to restore the site or just freshly install new plugins and themes.

This however, will depend on the backup type chosen. You can go for backup recovery option if you did a complete back-up.

8. Restore the back up and re-scan again

This is usually the best and most recommended method to restore the site. It helps you to still get access to your customized themes.

All you have to do is install the same recovery plugins you used before. Finally, you need to scan the site again and make sure it is completely free from any malware.

9. Google review

This is usually the last step. After scanning and you find that the site is clean, submit it to be reviewed by Google.

This will help to remove that warning message you received earlier about the malware. This can be done in the Google webmaster account.

And just like that, your site is back up and running. But be careful next time so that your site will not be found vulnerable again. Invest on WordPress site security and be safe from hackers.

We are influencers and brand affiliates.  This post contains affiliate links, most which go to Amazon and are Geo-Affiliate links to nearest Amazon store.