This step-by-step guide can be used by practically anyone to remove malware from WordPress.
Okay, let’s begin.
Scan your computer
Malware can infect your WordPress site in various ways, one of which is a virus on your computer that leaks your FTP password. This is actually quite common. So the first thing to do is make sure your computer is virus-free. We recommend scanning with at least Malwarebytes and, to be doubly safe, another anti-virus such as AVG.
Change your cPanel/FTP password
Now that your computer is virus-free, you should change your cPanel and FTP passwords. We recommend that you use a strong password generator like Strong Password Generator. You can use a password wallet like KeePass to store these difficult passwords.
Download the latest version of WordPress
Download and extract the latest version of WordPress from the WordPress download page.
Clean your infected WordPress site
FTP into your site and open the install folder of your WordPress site. It should look like this:
Delete everything you see there except for the wp-content folder, and the wp-config.php file.
Drag the wp-config.php file to your desktop and open it up in your code editor. Check for any unusual code in here, particularly any long strings of random text. You can compare it to the wp-config-sample.php file in your fresh download of WordPress.
If you find anything that shouldn’t be there, make a backup of your site’s wp-config.php file, then remove the unwanted code and upload the edited file back through FTP.
Next, open up the wp-content folder, which should look like this:
Open up the plugins folder, and make a list of the plugins that you are currently using.
Go back up a level to the wp-content folder, and delete the plugins folder and the index.php file.
You will need to re-install your site’s plugins once you have completed the cleaning process.
Open up the themes folder, and remove any themes that you are not using.
If you have a clean backup of the theme that you use, then you can delete all of the themes in here. If not, you will need to go through every file in the theme looking for suspicious code.
Finally, check your uploads folder and delete any files ending in .php, or any other files that you have not uploaded.
Upload the files from the copy of WordPress that you downloaded earlier, and remember that you will also need to upload your themes. Don’t overwrite the wp-config.php file.
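The checks in this section (unusual code in wp-config.php, suspicious code in theme files, PHP files in the uploads folder) can be run over a local copy of the files you kept. The Python script below is an added example, not part of the original guide; the 200-character threshold, the list of function names and the sample folder tree are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

LONG_BLOB = re.compile(r"[A-Za-z0-9+/=]{200,}")  # assumed threshold for "long strings of random text"
RISKY_CALL = re.compile(r"\b(eval|base64_decode|gzinflate|str_rot13)\s*\(", re.I)  # assumed list, not exhaustive
PHP_SUFFIXES = {".php", ".phtml", ".php5", ".phar"}

def scan_file(path):
    """Return (line_number, reason) findings for one PHP file."""
    findings = []
    text = path.read_text(encoding="utf-8", errors="replace")
    for number, line in enumerate(text.splitlines(), start=1):
        if LONG_BLOB.search(line):
            findings.append((number, "long encoded-looking string"))
        if (match := RISKY_CALL.search(line)):
            findings.append((number, f"call to {match.group(1).lower()}()"))
    return findings

def scan_site(root):
    """Scan a local copy of the kept files (wp-config.php and wp-content)."""
    root, report = Path(root), {}
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in PHP_SUFFIXES:
            continue
        rel = path.relative_to(root).as_posix()
        findings = scan_file(path)
        if rel.startswith("wp-content/uploads/"):
            findings.insert(0, (0, "PHP file inside uploads"))  # line 0 = whole file
        if findings:
            report[rel] = findings
    return report

def build_sample(root):
    """Write a constructed sample tree standing in for a downloaded site copy."""
    files = {
        "wp-config.php": "<?php\ndefine('DB_NAME', 'example');\n",
        "wp-content/themes/mytheme/functions.php": "<?php\n$x = '" + "QUJD" * 60 + "';\neval(base64_decode($x));\n",
        "wp-content/uploads/2020/01/image.php": "<?php echo 'hi';\n",
        "wp-content/uploads/2020/01/photo.jpg": "not php",
    }
    for rel, body in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan_site(tmp))
```

A hit is a prompt to open the file and read that line, not proof of infection, since legitimate themes sometimes use these functions too.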
Update your WordPress logins
You should be able to get into the dashboard area of your site now. Log in and change the admin password. Remove any other users. Remember to use a strong password generator!
Install your plugins
You’ll need to re-install the plugins you removed earlier. Add them one at a time and check that your site is functioning each time.