Uh oh, your security plugin or web host has notified you that malware has been found on your website. What do we do now?
Stay calm. Malware is annoying, but not impossible to overcome.
Take stock of the situation:
- Has your website been defaced (vandalized), or have text or links just been added to your site?
- Is the page you are looking at actually yourwebsite.com? Or is yourwebsite.com sending you to a different URL?
- Are you able to login to WordPress (
Attempt to fix with Wordfence
If you’re able to log in to your WordPress dashboard, try to fix the malware with the free Wordfence plugin.
Start by making a backup of your website. It’s always good to make sure we have a backup in case we make things worse.
Install the Wordfence plugin. Run a scan and wait for it to complete. At the end of the scan, Wordfence will tell you the issues it found and offer to delete or fix the files it found. Delete all deletable files, and repair all repairable files.
Run a second scan to see if the problem has been fixed. Verify the status by using a 3rd-party malware scanner like Sucuri Sitecheck:
If the second scan came back clean, visually inspect your website for any errors. Continue running scans daily because malware can hide itself and re-infect your website. Proceed to the Post-hack Lockdown section below.
Restore to a Backup
Another way to fix the hack is to simply rewind your website to a time before the hack. This is only viable if you haven’t made any changes to the site, or if you don’t mind losing some content on the site (because you can easily re-publish it, for example).
Start by restoring to the last backup. Scan your website with the Wordfence plugin and Sucuri Sitecheck to see if the hack has been removed. If that didn’t fix the problem, restore to an earlier backup point and scan your site again. If that doesn’t work either, you may have to request a professional clean up.
Hopefully that resolves the malware. If so, proceed to the Post-hack Lockdown section below.
Request A Clean Up
If your troubleshooting failed to fix the malware, you should get a professional to fix it for you.
Your web hosting company may offer hack fixes or malware removal. Some premium WordPress hosts like Kinsta offer malware removal at no cost.
Your backup service may have integrated malware removal. For example, the backup service BlogVault has a sibling company called Malcare which specializes in WordPress security.
ClickWP will fix most malware and hacks at no extra cost when you sign up for a website care plan. Really complicated cases may incur additional fees.
Post-hack Lockdown
You’ve fixed the malware, hooray! Now let’s take some steps to prevent it from happening again.
Update your website
The number one cause of website hacks and malware infections is outdated software. This includes plugins, themes and WordPress itself. Learn how to safely update your website.
Review WordPress user accounts
Navigate to your WordPress dashboard → Users and review the list. Delete any user accounts that you don’t recognize. Also consider deleting any user accounts that haven’t been used in a while e.g. those belonging to your web designer or assistant.
!! Note that deleting a user will also prompt you to delete their content. Be sure to assign their content to a different user account to avoid inadvertently deleting content from your site.
Update the passwords for all administrators, and all users if possible. You can do this by editing the user and then clicking the Generate Password button.
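On a site with many accounts, the review above is easier against an export than in the dashboard. The Python below is an added example, not part of the original guide: it reads the JSON produced by WP-CLI's `wp user list --fields=ID,user_login,user_registered,roles --format=json`, flags accounts that need a manual look, and builds the `wp user delete ... --reassign` command that keeps their content. The sample export, the login names, the 30-day window and the function names are constructed for illustration.

```python
import json
from datetime import datetime, timedelta

# Constructed sample of the WP-CLI export (not data from a real site).
SAMPLE_EXPORT = """[
 {"ID": 1, "user_login": "owner", "user_registered": "2019-03-02 10:15:00", "roles": "administrator"},
 {"ID": 7, "user_login": "designer", "user_registered": "2020-06-11 08:00:00", "roles": "administrator"},
 {"ID": 12, "user_login": "wp_support1", "user_registered": "2024-05-20 03:12:44", "roles": "administrator"},
 {"ID": 9, "user_login": "newsletter", "user_registered": "2024-05-19 14:00:00", "roles": "subscriber"}
]"""

# Roles that can publish or change the site (assumption: default WordPress roles).
PRIVILEGED = {"administrator", "editor"}

def review_users(export_json, known_logins, incident_date, window_days=30):
    """Return (user, reasons) pairs for accounts that need a manual look."""
    cutoff = incident_date - timedelta(days=window_days)
    findings = []
    for user in json.loads(export_json):
        # WP-CLI reports multiple roles as one comma-separated string.
        roles = {r.strip() for r in str(user["roles"]).split(",") if r.strip()}
        created = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        reasons = []
        if user["user_login"] not in known_logins:
            reasons.append("not on the list of accounts you recognize")
        if roles & PRIVILEGED and created >= cutoff:
            reasons.append("privileged account created close to the incident")
        if reasons:
            findings.append((user, reasons))
    return findings

def delete_command(user, keeper_id):
    """WP-CLI command that deletes a user and reassigns their content to keeper_id."""
    return f"wp user delete {int(user['ID'])} --reassign={int(keeper_id)}"

if __name__ == "__main__":
    known = {"owner", "designer", "newsletter"}
    for user, reasons in review_users(SAMPLE_EXPORT, known, datetime(2024, 5, 21)):
        print(user["user_login"], "->", "; ".join(reasons))
        print("  after confirming:", delete_command(user, keeper_id=1))
```

The script only reports; run the printed delete command yourself once you have confirmed the account should go.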
Update your hosting account passwords
Most web hosting companies offer several types of access. Be sure to change the password for all of them. Check with your web host to find out what types of access you have if you are not sure.
- Customer portal where you manage your plan and billing e.g.
- Hosting control panel where you find tools like the File Manager e.g.
- FTP or SFTP accounts which allow you to upload and download files to your website with a program like Filezilla or WinSCP.
- SSH or shell accounts which allow you to manage your website with the Terminal or an SSH client.
Run a virus scan on your personal computer
Viruses on your laptop or smartphone can actually cause your website to be compromised. That’s why it’s important to ensure your device is clean to eliminate that vector.
Review your website security
Read through our WordPress Maintenance and Security guide again to review where you can add additional layers of security to prevent getting hacked again.
And if you need help with any of this, just reach out to us for advice and a no-obligations consult.