How to clean a hacked WordPress website in 2021?


How to Clean a WordPress Hack

Steps to removing malware, spam, and other hacks from WordPress. Sucuri has devoted years to helping WordPress administrators identify and fix hacked websites.

To continue with this process, Sucuri has put together this guide to help website owners walk through the process of identifying and cleaning a WordPress hack.

This is not meant to be an all-encompassing guide, but if followed, should help address 70% of the infections we see.


Scan Your Site

You can use tools that scan your site remotely to find malicious payloads and malware locations. Sucuri has a free WordPress plugin that you can find in the WordPress official repository.

To scan WordPress for hacks:

  1. Visit the SiteCheck website.
  2. Click Scan Website.
  3. If the site is infected, review the warning message.
  4. Note any payloads and locations (if available).
  5. Note any blacklist warnings.

If the remote scanner isn’t able to find a payload, continue with other tests in this section. You can also manually review the iFrames / Links / Scripts tab of the Malware Scan to look for unfamiliar or suspicious elements.

If you have multiple websites on the same server we recommend scanning them all (you can also use SiteCheck to do this).

 Cross-site contamination is one of the leading causes of reinfections. We encourage every website owner to isolate their hosting and web accounts.

Check Core File Integrity

Most core WordPress files should never be modified. You need to check for integrity issues in the wp-admin, wp-includes, and root folders.

The quickest way to confirm the integrity of your WordPress core files is by using the diff command in a terminal. If you are not comfortable using the command line, you can manually check your files via SFTP.

If nothing has been modified, your core files are clean.
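
One way to run this comparison from a shell, as an added example that is not part of the original guide. The helper names `list_core` and `check_core` are hypothetical, and both paths are assumptions you supply: the live site and an unpacked clean copy of the same WordPress version.

```shell
#!/bin/sh
# Added example, not from the original guide. SITE and CLEAN are paths you
# supply; CLEAN must be an unpacked copy of the same WordPress version.

# List core files (root, wp-admin, wp-includes) relative to directory $1.
# wp-content and wp-config.php are site-specific, so they are skipped here
# and need a manual review instead.
list_core() {
    ( cd "$1" && find . -type f ! -path './wp-content/*' \
        ! -path './wp-config.php' | sort )
}

# check_core SITE CLEAN
# Prints one "MODIFIED|ADDED|MISSING <path>" line per finding.
# Returns 0 when the core files match, 1 when anything differs.
check_core() {
    site=$1
    clean=$2
    work=$(mktemp -d) || return 2
    list_core "$site"  > "$work/site"
    list_core "$clean" > "$work/clean"
    {
        # Present in both trees: compare byte for byte.
        comm -12 "$work/site" "$work/clean" | while IFS= read -r f; do
            cmp -s "$site/$f" "$clean/$f" || echo "MODIFIED $f"
        done
        # Only on the live site: not a core file, so inspect it.
        comm -23 "$work/site" "$work/clean" | sed 's/^/ADDED /'
        # Only in the clean copy: a core file was deleted from the site.
        comm -13 "$work/site" "$work/clean" | sed 's/^/MISSING /'
    } > "$work/report"
    cat "$work/report"
    if [ -s "$work/report" ]; then rc=1; else rc=0; fi
    rm -rf "$work"
    return "$rc"
}

# Run directly: sh check_core.sh /path/to/site /path/to/clean-wordpress
if [ "$#" -eq 2 ]; then
    check_core "$1" "$2"
fi
```

An empty report with exit status 0 corresponds to the "nothing has been modified" case; any ADDED file inside wp-admin or wp-includes deserves a close look, since core never gains files outside an update.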

Check Recently Modified Files

If your WordPress site has been blacklisted by Google or other website security authorities, you can use their diagnostic tools to check the security status of your website.

To check your Google Transparency Report:

  1. Visit the Safe Browsing Site Status website.
  2. Enter your site URL and search.
  3. On this page you can check:
    • Site Safety Details: information about malicious redirects, spam and downloads.
    • Testing Details: most recent Google scan that found malware.

If you have added your site to any free webmaster tools, you can check their security ratings and reports for your website.

If you do not already have accounts for these free monitoring tools, we highly recommend that you sign up as they are free to use:

 Remove Hack 

Now that you have information about malware locations, you can remove malware from WordPress and restore your website to a clean state.

Pro Tip:

The best way to identify hacked files is by comparing the current state of the site with an old and clean backup. If a backup is available, you can use that to compare the two versions and identify what has been modified.

 

 

Clean Hacked Website Files

If the infection is in your core files or plugins, you can fix it manually. Just don’t overwrite your wp-config.php file or wp-content folder.

Custom files can be replaced with fresh copies, or a recent backup (if it’s not infected). Here are some additional tips & tricks that you can use with WordPress.

You can use any malicious payloads or suspicious files found in the first step to remove the hack.

To manually remove a malware infection from your website files:

  1. Log into your server via SFTP or SSH.
  2. Create a backup of the site before making changes.
  3. Identify recently changed files.
  4. Confirm the date of changes with the user who changed them.
  5. Restore suspicious files with copies from the official WordPress repository.
  6. Open any custom or premium files (not in the official repository) with a text editor.
  7. Remove any suspicious code from the custom files.
  8. Test to verify the site is still operational after changes.

Clean Hacked Database Tables

To remove a malware infection from your website database, use your database admin panel to connect to the database. You can also use tools like Search-Replace-DB or Adminer.

To manually remove a malware infection from your database tables:

  1. Log into your database admin panel.
  2. Make a backup of the database before making changes.
  3. Search for suspicious content (e.g., spammy keywords, links).
  4. Open the table that contains suspicious content.
  5. Manually remove any suspicious content.
  6. Test to verify the site is still operational after changes.
  7. Remove any database access tools you may have uploaded.

Beginners can use the payload information provided by the malware scanner. Intermediate users can also manually look for common malicious PHP functions, such as eval, base64_decode, gzinflate, preg_replace, str_replace, etc. 
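
To combine step 3 of the file cleanup ("Identify recently changed files") with the function search described above, here is an added example that is not part of the original guide. The `triage` helper and its ROOT and DAYS arguments are assumptions; the function names in the pattern are the ones the guide lists.

```shell
#!/bin/sh
# Added example, not from the original guide. ROOT and DAYS are values you
# supply. Legitimate plugins also call these functions (str_replace and
# preg_replace especially), so every hit is a lead for manual review.

# Functions named in the guide, matched only as a call: the name must not be
# the tail of a longer identifier and must be followed by "(".
PATTERN='(^|[^[:alnum:]_])(eval|base64_decode|gzinflate|preg_replace|str_replace)[[:space:]]*\('

# triage ROOT DAYS
# For each .php file under ROOT modified within the last DAYS days, prints
# "<matching lines><TAB><path>", files with the most matching lines first.
triage() {
    find "$1" -type f -name '*.php' -mtime "-$2" | while IFS= read -r f; do
        # PHP function names are case-insensitive, hence -i.
        # grep -c prints the count and exits non-zero when it is 0.
        n=$(grep -ciE "$PATTERN" "$f") || continue
        printf '%s\t%s\n' "$n" "$f"
    done | sort -rn
}

# Run directly: sh triage.sh /path/to/site 7
if [ "$#" -eq 2 ]; then
    triage "$1" "$2"
fi
```

Confirm each listed file's change date with whoever maintains it before editing or restoring it, as the cleanup steps above describe.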


