We can clean up your site infection right away

LEARN MORE ASK A QUESTION

WordPress Malware Removal – DOs and DO NOTs

WP Fix It - Posted on September 6, 2018 -

Learn the ins and outs of WordPress malware removal…

Are you wanting to know more about WordPress malware removal? We are going to write this article to inform two audiences. The first audience being those that need WordPress malware removal and the other audience being those that want to learn more about WordPress malware removal.

We would like to provide you with a few DOs and DO NOTs when it comes to dealing with WordPress malware removal. Some simple things you can do to react to a a WordPress malware infection, avoid one or be prepared for one. Take a look below and the top 3 DOs and DO NOTs on the topic of WordPress Malware Removal

DO Not Panic and Think The World Is Crumbling

One of the worst things anyone can do when confronted with a WordPress infection is panic. You may have a site that infected and this feeling is very scary, but you can find confidence in the fact that all infections have a solution with a happy ending of a well functioning website.

We have seen it so many times in the past where business owners that rely on their website to make money go into a tailspin because their online presence is being tainted by an infection. This high level of stress is never productive and can lead to illness and other extreme reactions. Stay calm and carry on right!!! Most infections can be cleaned up in a few hours and have you on your way to happy days.

DO Not Assume WordPress Is At Fault

There are so many possibilities as to why a WordPress site can get infected with malware. The most recent version of WordPress core by itself is a very secure collection of code that is not prone to malicious activity on the web. Please note strongly how we said “the most recent version”.

Updates happen for a reason and most of these updates include security patches to make sure the software stays safe and buttoned up from hackers and bad internet code.

What does however have vulnerabilities or security holes are plugins, themes and user management. Let us start with plugins and themes, There are soooo many right? These are the path to beautiful design and functionality for your site.

The problem though is that 3rd party plugins and themes are not all created equal or supported properly. There are plugins and themes out there that were created a long time ago and either never updated or not updated in awhile. This can cause problems that can lead to you needing WordPress Malware Removal.

There is a great plugin available called Wordfence that will allow you to run a scan and show you the plugins and themes you are using on your site that are not supported any more.

Make sure you audit your list of users that have access to any account that relates to your website. If you do not recognize a user remove them. Also make sure you are enforcing the use of strong passwords. This simple user management strategy will prevent many types of infections and secure your site much better.

DO Not Delete Your Entire Site

This is a real bad plan of action here. While it will for sure remove any traces of malware, it will leave you with nothing after. The only reason you would want to remove you entire site is if you did not need it anymore or were rebuilding it with all new design and content. In most cases this will never be the plan but we have seen it happen before.

You can however delete the things that are not unique to your site and replace those items with fresh and clean files. Those non-unique items are listed below.

WordPress Core File – see image below for file names. You can remove all of these files and folders and then download a fresh copy of WordPress to replace them.

Free Plugins – the below will remove and re-install plugins from WP.org with a simple click. This handy plugin below will make it super easy to install fresh copies of any free plugins you are using. Delete any that you do not have active on your site.
Premium Plugins – any plugins that are not available at WP.org. These plugins are the ones that you can not find at WP.org. You have either purchased them or they came bundled in your theme. Track down their location and obtain fresh copies so you can replace them with the ones on your site.

Themes – remove the unused themes that are not active and replace active theme only if not customized. It is always a best practice to use a child theme setup if you are going to customize your theme files. But this is not always the case. If you have made changes to your active theme, DO NOT delete and replace it. If there are no changes to your theme files, you can remove it and place in a fresh copy.

DO Have A Full Proof Backup/Restore Strategy

Rule number one is have a backup and resore strategy in place. Rule number two is see rule number one. This very simple yet an often over looked task that could save you swiftly from a WordPress infection. Just think of this for a moment. If you have a daily backup taken of your site and store at least 30 dyas worth, you can simply resotre the site to a date when it was not infected.

There are many free plugins available that will allow you to create a successful backup and restore strategy for your site. So there is no excuse not to have one in place. With the topic of WordPress malware removal aside, just imagine all the other jams a backup and restore system could get you out of.

Take a look at the link below for our summary on the best and only plugin you will need to execute an awesome backup and restore strategy on your site.

https://www.wpfixit.com/wordpress-backup-and-restore-strategy/

DO Commit To Having Stable and Secure Hosting

The majority of WordPress sites are hosted online in a shared hosting environment. What this means is that your a site is hosted on a server with many other sites and if any one of those sites gets infected it can infect the other sites on the same server.

Now this does not mean you need to sell all your possessions to purchase your own server or dedicated hosting. A good hosting company is very aware of what can happen in a shared hosting environment and take measures to prevent and stop the spreading of infections throughout the entire server.

If you are shopping for a new host or frustrated with the level of security your current host provides, do some research and find a hosting company that will be part of your website security team.

Take a look at the comprehensive article at the link below that our owner wrote about a hosting company he says he would trust his kids with.

https://www.wpfixit.com/siteground-hosting-story/

DO Stay Educated on WordPress Security

This should be a MUST DO in everything WordPress. It is not just software but life-ware and it changes often. If you want to keep your site safe and secure, you need to stay informed. Security is mostly the one topic many WordPress uses either never talk about or steer clear of because they feel it’s not that important.

WordPress security is kind of like health insurance. No one thinks they need it until they need it. Do not wait to learn how you can better protect your website from malicious events and be proactive learning some simple security techniques. There are so many free resources out there to help you up your game on WordPress security.

Take a look below a at few of our favorite place to learn about WordPress security.

https://www.facebook.com/groups/wordpresssec
https://premium.wpmudev.org/blog/ultimate-guide-wordpress-security/
https://www.wpbeginner.com/wordpress-security/
https://yoast.com/wordpress-security/
https://codex.wordpress.org/Hardening_WordPress
https://websitesetup.org/wordpress-security/

2 Comments

Garvit Tyagi September 06, 2018

Thankyou Sir for Sharing the Article, But sir i cant Understand malware keep posting.

Reply
- WP Fix It September 11, 2018
  
  It likely means that your site is not fully cleaned out.
  
  Reply

Leave a Reply Cancel reply