How to Remove Malware from a Hacked WordPress Site

There are many ways to protect your WordPress site from malware. The most important thing is to take preventive measures to secure your site. You can also remove malware from WordPress sites using different techniques.

WordPress users can take the most important precaution to ensure their website is always upgraded to the latest version. New versions of WordPress usually address common security vulnerabilities present in older versions. In addition, it is important to delete any plugins that are no longer being used and to do the same with the plugins that are still being used.

Here’s what you can do:

1. Run a Computer Antivirus Scan

There are a few different ways we can scan for viruses on our computers. One way is to use an antivirus program that we have installed. Another way is to use an FTP tool to download the complete website and analyse every file that makes up the web to look for dangerous code.

The antivirus program will scan files as they are being downloaded and generate a report detailing which files it identifies as potentially dangerous. Once the download is complete, we can check this report to see which files we need to be wary of.

2. Locate Malicious Users

Some cybercriminals create accounts on your WordPress site and run malicious scripts to take advantage of any weakness in your site’s security. Doing this allows them to access your site’s content, files, and even your personal information.

3. Lock WP Login to Reduce WordPress Logins

You can do so by default if you want to test multiple login/password combinations to access your WordPress administration. Every time a WordPress login attempt fails, LockDown will log the IP address and the timestamp. The login function will be blocked if a predetermined number of unsuccessful attempts are discovered within a short period from the same IP range. This can help prevent brute-force password discovery and protect WordPress from such attacks.

4. Gather Files

One way to quickly detect potentially dangerous files is to use FTP to access and categorise them by modification date. This way, you can see which files have been recently modified and are more likely to be dangerous. This method involves looking through all of the website’s files to find any that have been infected. This can be time-consuming, but it is a way to ensure you find all the infected files.

5. Find a Hosting Provider

If your website is hosted on a shared server, your first step should be to contact your hosting provider. They may be aware of a larger problem and be able to take care of the issue for you. Often, your host can resolve the issue, saving you time and effort. For this reason, it is important to use a reliable hosting provider, such as seedbox app hosting by gigarapid.

6. Recover Data from a Backup

The best way to restore your website after it has been hacked is to have a backup of your site from before it was hacked. This will ensure that all hacked files are included in the backup. If the attack occurred in files that were not backed up, the problem might continue even after restoring the site.


If you find that your WordPress site has been hacked, it is important to take immediate action to remove the malware and secure your site. There are a few different ways to do this, but the most important thing is identifying and removing the malicious code from your site. Once you have done that, you can then take steps to secure your site and prevent future attacks.

Hosted WP provides specialised WordPress hosting and management services, offering real solutions for WordPress users in a secure and managed environment. We pride ourselves on giving you, our client, a premium service, so you have one less thing to worry about. Leave your WordPress website in our hands to work on your business. If you need WordPress hosting services in Australia, we can help. Get in touch with us today!