Clean malware from wordpress website in 2019



These days a lot of WordPress websites are getting infected by malware, adware. What they basically do is that open they redirect the WordPress site to some random third party website which is full of ads or sometimes they spread a virus or other such malicious files to the visitors. This mostly happens because most of the times the creator of WordPress based websites are very beginner and they don't know much about security.

Last month a person reached out to me saying that his WordPress website is infected and asked me to help him out. When I checked the website I got to know that an attacker added few lines of codes on his website which redirects the visitors to some other website. You might be thinking what will the attacker gain by doing this.

Well, the attacker redirects the visitor to his malicious website which is full of ads and think if he redirects about 10,000 visitors per day, he will earn a good amount of money. So when this person gave me access to his website I first searched how the site got infected.

Here is how his website got infected :


He used a very week and known username and password so there is an attacker who runs scripts which automatically scans for WordPress based websites and try random password and if they get the access they automatically insert the code. Same this was happening in this case too. So I quickly removed the malicious codes and changed the password and things got alright.

If sometimes your WordPress website too gets infected by malware, here is how you can clean your website :

Scan your Website


This is a very important step. here you need to first scan your website to see if there is any backdoor, vulnerability that exists in your website. Scan your website to see if it redirects to some other website. Also, check if you are using the latest version of WordPress.

Backup your sites, files, and database


Always try to make a full site backup for at least once a month so that even if it becomes impossible to fix your website you can restore it back using the backup. You can backup your website files with FTP, cloud, etc. There are a lot of free plugins to do so.

Check the backup files


Things might get really tricky if your backup file itself contains the malware so always check if your backup is free from malware

Format WordPress files and folders


Login to your cPanel and go to the location where you have WordPress installed and delete all the WordPress files in your installation location. Mostly the WordPress files will be in the public_html folder.

Reinstall Wordpress


Get one-click Wordpress install option from your provider. Get an overview of installing WordPress in server. Fill the necessary information like admin name, password and click the " Install Wordpress" button

Change your WordPress login password


While installing you will be given an option to give a password. For better security, it is advisable to give a new password that you have not used so far on your website.


Reinstall themes and plugins


Download a fresh copy of the theme from the backup or you can use the default theme of WordPress. Once the theme is installed, you can install all the needed plugin once again.

Restore your WordPress files and database


Backups created by popular backup plugins like BackupBuddy and UpdraftPlus can be restored by using the same plugin. USe the plugin to restore the files and database

Scan Again


After all the above steps are done you will have the site up and running once again. Just to check if everything is alright, do a full site checkup to make sure that the site is completely free from malware The best tools to check for malware in WordPress are: Unmask Parasites, Sucuri Site Check, Norton Safe Web, etc.

Clear Google Warnings


After the above steps are done, your website will completely be free from malware. Now submit the blacklist removal request to Google to review your site. Navigate to the crawl tab in search console, Click the fetch as Google section and submit the website to index button below.

After following these steps your website should be completely free from malware in most of the cases. If it's not then contact your  service provider or get help from some professionals.

Add Falling Snowflakes to Your Blog


Its Winter here and everyone is doing something to make their website/blog look attractive this winter.some of them are using santa clause logo while some of the webmasters are using christmass banners.

Do you have a blog? if yes than you must thy this gadget.If you notice Hackatrick you will see the snowfall in the site.If you too want this snowfall in your blog than try this.

How to seure wordpress blogs

How to seure wordpress blogs

Hackers are the person like you and us but the only difference is that they use their skills for the negative and destructive purposes, they use their skills to break a website, they normally destroy all the stuff's, so if you are a admin of a website you should care about the security of the website.
As you know that the wordpress is a common and most popular plate form for blogging, but the security of the wordpress is always a hot discussion and it need more and more concentration because vulnerability discover everyday. Below are some tips to make your blog secure: