If your website has been hacked, attackers may have added harmful malware to your files. While there are different ways to fix this issue, one option is to clean your site manually. This guide will show you how to remove malware from your website, with WordPress as an example.
You don’t need to be a professional developer, but some basic knowledge of coding—especially PHP—will make the process easier.
Why Manual Malware Removal Can Be Difficult
Removing malware by hand is tricky and time-consuming. Malware can look like normal code, and hackers often hide it in clever ways. This means you might spend hours cleaning your site, only to miss a hidden backdoor that can reinfect your site.
How to Protect Your Website from Malware
Before we discuss manual removal, let’s focus on prevention. It’s much easier to prevent malware from infecting your website than to clean it up later.
- Keep your site updated: Always update WordPress, plugins, and themes. If possible, turn on automatic updates.
- Be cautious with plugins and themes: Download only from trusted sources. Avoid pirated or nulled software—they often contain malware.
- Use malware scanners: Tools like ImunifyAV in cPanel can scan your website for malware and highlight infected files.
- Enable one-click malware removal: Upgrading to tools like ImunifyAV+ allows you to remove malware quickly with just one click.
- Keep regular backups: Use backup tools like cPanel’s WP Toolkit or WordPress plugins to save clean versions of your site. If malware strikes, you can restore your site with ease.
How to Manually Remove Malware from a WordPress Site
If you don’t have backups or automatic tools, you’ll need to clean the malware manually. Follow these steps:
Before You Start
- Take your site offline: Use a maintenance mode plugin or cPanel tools to stop visitors from accessing your infected site.
- Create a backup: Save a copy of your current site, even if it’s infected, to avoid losing important data.
- Turn on debug mode: Enable debugging in WordPress to display error messages that can help you pinpoint problems.
Step 1: Find Recently Changed Files
Malware often hides in recently modified files.
- Log in to your server using SSH or cPanel’s Terminal.
- Navigate to your site’s directory, usually in
public_html. - Run this command to find files changed in the last seven days:
find . -name '*.ph*' -mtime -7
The results will show recently edited PHP files, such as wp-config.php. Pay attention to these files—they could contain malicious code.
Step 2: Check for Suspicious Code
Open the suspicious files using a text editor or cPanel’s File Manager. Look for:
- Weird coding styles: Lines that are excessively long or messy.
- Obfuscated code: Hard-to-read code with random characters or numbers.
- Strange URLs: Unfamiliar URLs in your files that link to malicious servers.
For example, code like this is suspicious:
phpCopy code$malware = file_get_contents("SSBhbSBtYWxpY2lvdXMgY29kZSBhbmQgSSB3YW50IHRvIHNOZWFsIGFsbCB5b3VyIHNlY3JldHMu");
Step 3: Replace Infected Files
- Download clean copies:
- Get a fresh version of WordPress from WordPress.org.
- For plugins and themes, download the latest versions from trusted sources.
- Compare files: Open the clean files and compare them to the ones on your site. Look for differences that seem suspicious.
- Replace carefully:
- Use cPanel’s File Manager to delete infected files and upload clean versions.
- Be careful with configuration files like
wp-config.php. These files store important site settings, so replacing them without copying the necessary data could break your site.
- Verify after changes: Check your website after replacing each file to ensure it’s still working. This way, if something breaks, you’ll know which file caused the issue.
Why Manual Malware Removal is Challenging
Cleaning malware by hand is a slow and detailed process, and there’s no guarantee you’ll find everything. Hidden backdoors can remain undetected and cause reinfections. That’s why regular updates, backups, and security tools are essential to keep your site safe.
Need Help?
If you have questions or need support, we’re here to help! Let us know your feedback, and we’ll guide you in the best way possible. For professional website malware removal and security solutions, visit servers99.com. Stay secure!
