Is your website under attack? The range of malware developed by malicious attackers includes some snippets of code that will not be easily identified because of their covert nature. While it is easy to identify adware, viruses and ransomware because of their effect on your website, spyware acts without disrupting regular function. If you want to know if your site is infected, you may need to run a thorough scan. What happens when you find out that your site is under a malware attack?


You need to find trustworthy scanning plugins that offer an in-depth search for malware. You could double-check your scanning results by visiting your site through a Google-based browser, such as Google Chrome.

Backup all files

Up to 310,000 websites were the victims of a malware attack in recent times. There is no guarantee for your site’s security, especially when you use a large number of plugins. Site owners are advised to backup their themes, plugins, frameworks and basic WordPress setup regularly to protect themselves from such occurrences.

If you regularly backup your site, you could choose an appropriate restore point. For users who do not have any recent backups, you may choose to backup your site even with the malicious code present. This way, you will be able to access your data in case malware removal results in complete data loss.

Explore your backups

If you are removing malware without any professional help, you will need to explore your backups for any signs of malicious code. For a skilled site owner or developer, this will be easy as the malicious snippets of code will stand out. If you have little or no coding experience, finding malware can be challenging.

You should install WordPress afresh and explore the installation directory. This will help you get a basic understanding of the files and code that are expected. You will then need to explore your site through the web server to find any anomalous code, symbols or data to identify outliers. You should mark these as malicious, and look into your backups for any similar occurrences. This way, you will not run the risk of installing an already infected WordPress setup.

Clean your WordPress Directory

After finding out exactly which snippet of code is malicious, you should delete your entire WordPress directory. For default installation, you should look into the public_html folder. Users who specify an alternative directory must format this specific location to complete this step.

Change all passwords

Attackers will create a backdoor in their malware code that allows them administrative access to your site. They will gain you passwords, and may log onto your site even after you have removed the malware infection.

To protect yourself from possible future vulnerability, you should change all passwords associated with your WordPress site. This means changing your WordPress administrator logins, host access details, FTP passwords and any e-mails associated with the site. You should enable two-step authentication for your e-mail to deny any potential attackers access to your site in future.

Restore your backups

Having gone through your backups to find an ideal restore point, uninstalled your WordPress site and removed any potentially malicious code, you will then need to restore your backups. It is important to avoid any suspicious bits of code during restoration to avoid re-infecting your site.

It is important to note that you should only use the same plugin to backup and restore. using two different tools may corrupt your backups and ruin any chance of a successful restoration. even though some plugins may be compatible, using the same one for both functions ensures accuracy and increases the likelihood of a successful restoration.

Reinstall WordPress

If your backups are corrupted, you will have to reinstall your WordPress site from scratch. This could prove challenging since some plugins and themes may not be accessible any more. You will also lose a great deal of site data, which could affect user satisfaction.

This manual installation will help you get a grip of the WordPress setup, which could be helpful when dealing with malware in future.

Install and update plugins and themes

Since WordPress is an open source project, plugins and themes are developed by interested parties. Some hackers pose as developers and create malicious plugins and themes that will infect your site with malware.

Before your initial installation, you need to analyze all plugins and use only those from trustworthy sources. For these customization options, less is always more. It is better to have fewer features than have many plugins and run the risk of installing an infected tool. If you do not have professional guidance, you may look on the internet to determine the safety of a specific tool.

Consider taking down your site

If you do not have the technical skill to remove malware from your website, you should not keep it operational. Google will blacklist your site as containing potentially harmful code, which will push away potential visitors. Any visitors who insist on visiting your site even after this warning could become vulnerable to malicious redirects and loss of sensitive personal data.

You could create a 503 error page to express the unavailability of your site. By placing the 503.php in the .htaccess file, all visitors will be redirected to a temporarily unavailable page until the malware situation is resolved.

Final Thought

You can protect your site from malware attacks by installing a number of plugins to help boost site security. These tools offer a range of features that include protection from automated malware attacks and password related vulnerabilities. It is important to access these tools from trustworthy sources. Do not attempt to download these plugins from third party websites as these are more likely to include malicious code.

If you are unable to carry out malware removal and security management, you should consider hiring out these services to dedicated WordPress specialists such as WPFixs.  Professionals will ensure thorough protection even where plugins may fail. They will also advise you on the best protective tools, as well as maintain regular monitoring to manage the effects of an attack.