If you have malware on your WordPress website, you are not having a great time and you don’t want to make the situation worse by causing more problems when removing it. From our years of cleaning up hacked WordPress websites and dealing with the aftermath of others not doing a good job of that, there are some important tips we can share.
Make a Backup of Everything First
Before making any changes to the website, make a backup of everything. That usually means making a backup of the files on the website and the database. That way, if a removal effort goes wrong, you can always revert back to where you were before it. It’s worth the time to do this before doing anything else.
We wouldn’t recommend doing this with a WordPress backup plugin, as those can be less reliable methods to generate a backup.
Don’t Overwrite the Website with a Backup You Think is Clean
One common suggestion to deal with a malware infected WordPress website is to revert to a clean backup of the website. There are a couple of common problems with that. First, often you won’t know if the backup is clean, as you probably don’t know when the hack started, only when you noticed it. Second, if you overwrite the files on the website, you can end up with the new malicious files still being on the website. You need to make sure you clear everything out first and put the backup files on the website, instead of overwriting the files. If you overwrite the files, you can also have other problems with files existing that shouldn’t exist together.
Make Sure The Person Removing the Malware Knows What They Are Doing
While it would seem fairly obvious to say you should hire someone experienced in dealing with removing malware from WordPress websites to clean it up, the reality is that there are lots and lots of providers who are not doing things right. You might get lucky and hire someone like us who does things right, but there is a good chance you will hire some who won’t. So either make sure that the provider not only removes the malware but also tries to secure things as much as possible, and most importantly, tries to determine how the website was hacked. If a provider doesn’t emphasize that they do the last element, they should be avoided.
If you are looking to do it yourself, there are lots of guides out there on doing that, though, from what we have seen, that don’t do a good job. A lot of them look to be there to ultimately get you to hire the source of the guide after their advice doesn’t work. Others are written by people that don’t appear to have experience actually dealing with removing malware. Either way, you might get lucky with their advice, but you might not, leading to more work needing to be done.
Try to Figure Out How the Malware Got There
If you remove all the malware, but the source of the infection isn’t addressed, you can quickly have malware on the website again. This is something that often isn’t done, including with lots malware removal services. One of the reasons we know that is that when we are brought in to re-clean malware infected websites, we check the logging and often find that it shows malicious files being accessed that were missed in the previous cleanup.