Come, meet us at Wordcamp, Torino, Italy on 14th and 15th June 2024 Click here
Scroll to top

How to Fix Malware-Infected WordPress Websites

Fix WordPress Website Malware

If you own an online business or have a retail presence on the web, chances are you’re using WordPress as your preferred platform. However, it’s not uncommon for WordPress websites to become infected with malware at some point. Dealing with these issues can be challenging, but with the assistance of a professional WordPress Website Developer, the process becomes much simpler. In this article, we’ll guide you through the steps to fix malware-infected WordPress websites and explain why our team at Brandconn Digital is here to help.

Signs that You Need Help from a WordPress Website Developers

Identifying the signs of a hacked website is crucial to taking prompt action. If your visitors are complaining about being redirected to spammy websites, it’s time to pay attention. Many hacks are invisible to you but noticeable to your visitors and search engine crawlers.

Look out for the following signs:

  • Presence of spam in your site’s headers or footers, such as ads for illegal services.
  • Discovery of unfamiliar pages or harmful materials while searching for your website on Google.
  • Notifications from your hosting provider regarding malicious activities on your site.

If you don’t want to risk taking down your website entirely, it’s important to address these signs and seek assistance in treating WordPress malware promptly.

Steps to Fix Malware-Infected WordPress Websites: Thanks to our experienced WordPress Website Developers, you can follow these steps to resolve malware issues on your WordPress website. While some of these steps can be attempted on your own, we highly recommend seeking professional guidance for optimal results.

Let’s dive in:

  1. Backing up the site’s files and databases: If you’re familiar with website backends, you can manually back up your website by logging into your dashboard and using the file manager to download and save your files. Alternatively, our team can assist you in this process. You can also use an FTP manager to access the necessary website files and download them to a web server after granting FTP access.
  2. Examining the files: Before proceeding with a WordPress malware cleaner, carefully examine your backup files. Save the backup to your PC and check the zip file for specific points. Ensure that the core files, such as themes, uploads, and plugins, are intact. You can download a fresh copy of WordPress from to verify that your core files match.
  3. Removing infected files in the public HTML subdirectory: Using a File Manager or an FTP client provided by your web host, navigate to the public HTML subdirectory and delete all files, except the CGI-bin folder and server-related directories. Make sure you have a complete backup of your website before proceeding. If you have multiple compromised websites, clean and back up each one separately.
  4. Uninstalling and reinstalling WordPress: Most web hosting providers offer a one-click option to reinstall WordPress. Refer to your site’s backup and update the wp-config.php file during the new WordPress installation to use the database credentials from your old site. This process links the old database to the new WordPress installation, ensuring there’s no compromised code. Please note that you should not re-upload the old wp-config.php file due to updated login encryption salts.
  5. Recovering passwords and permalinks: Log in to your website and recover usernames and passwords. If you come across any unknown users, it indicates a hacked database. In such cases, it’s advisable to seek assistance from a WordPress malware cleaner or our specialists to clean up the mess. To restore your website’s URL functionality, visit the “Settings” option, click on “Permalinks,” and save the changes. Ensure no hacked files, especially .htaccess files, are left behind when removing files.
  6. Reinstalling plugins and themes: Reinstall plugins either from the WordPress source code or by downloading them from reputable plugin developers, avoiding outdated versions. When installing plugins, verify their source and rely on trusted repositories like the WordPress theme repository.
  7. Uploading backup files and images: Copy the old pictures to the new wp-content upload folder, ensuring that no compromised data is transferred. Double-check the backup folder, making sure it only contains picture files without any JavaScript or PHP scripts.
  8. Activating security plugins: For an additional layer of security, we recommend using a security plugin such as MalCare. It scans your WordPress site and quickly identifies any malware issues, providing a comprehensive solution.


Fixing malware-infected WordPress websites requires technical knowledge and expertise. While you can attempt some steps on your own, seeking professional assistance, like the services provided by our experienced WordPress Website Developers, ensures efficient and effective resolution. By following these steps, you can regain control of your website’s security and protect your online presence from future threats.

Remember, addressing malware promptly is crucial to maintaining a safe and reliable website. Don’t hesitate to reach out to our team at Brandconn Digital for expert guidance and assistance in fixing malware issues and safeguarding your WordPress website.

Author avatar
Public advisory against the common scams. Click to read more.