How You Can Remove Dangerous Malware From Your WordPress Account?

This guest post will guide users practically about how to remove malware from WordPress account. Well, it’s often good to get your hands dirty to remove the WordPress malware efficiently and, on the contrary, you should be comfortable enough to work with FTP as well as File Manager. But, getting hold to the point that if this is not your cup of tea, then I think that you definitely should wish to look out for this guest post that will teach you about the malware removal process from WordPress account.

So, now let’s begin with the basic step:

  • Step 1 deals with Scanning Your Computer Thoroughly

Scanning and Cleaning

Malware by name, we can make out that it can badly infect your WordPress account in dangerous ways: firstly, if your computer has a virus that is residing on your FTP password. This is quite a common problem. To overcome this issue, the first thing is to make sure that your computer is working with virus-free elements. We recommend scanning WordPress with Malware Bytes and remaining safe, download antiviruses such as AVG or Kaspersky.

  • Step 2 asks you to Change The cPanel/FTP Password

Now that you know, your computer is virus free; it is essential for you to change your cPanel and FTP password. Create a password that combines, at least, one individual character like ! # < &, a mixture of lower and uppercase letters with numbers. One of such example is that of Y^jsd7#jBse.

  • Step 3 asks you to Download The WordPress Package


Download your most updated as well as the latest WordPress package from the official site.

  • Step 4 encourages you to Extract All The Files

Extracting files from your zip folder or from the tar.gz folder that you have just downloaded into the system will help keep you safe from any malware attacks.

  • Step 5 asks you to Remove The Malware Infection From The WordPress Account

Login into the FTP or you can say that login into the cPanel and go to the File Manager section is where you can get the chance to handle malware removal process.


Now this is your WordPress installation document format on your web host that is depicting how exactly it will look like when it is dispalyed.

  1. wp-admin

  2. wp-content

  3. wp-includes

  4. index.php

  5. license.txt

  6. readme.html

  7. wp-activate.php

  8. wp-blog-header.php

  9. wp-comments-post.php

  10. wp-config.php

  11. wp-config-sample.php

  12. wp-cron.php

  13. wp-links-opml.php

  14. wp-load.php

  15. wp-login.php

  16. wp-mail.php

  17. wp-settings.php

  18. wp-signup.php

  19. wp-trackback.php

  20. xmlrpc.php

Delete all the document that you see there except the wp-content folder as well as the wp-config.php file.

Now you will come across the following installation method as given below:

  1. wp-content

  2. wp-config.php

In the cPanel, go to the File Manager, click on it and edit your wp-config.php sheet by assuring that there are no strange codes existing in your WordPress account or you can say that the section is free from any unusual glitches. You can very well notice that if you come across a malware attack in the file, then it will usually look like a long string of random text. It is recommended to compare it to the wp-config-sample.php file.

Next section asks you to access his wp-content folder that appears to be below-mentioned pattern:

  1. plugins

  2. themes

  3. uploads

  4. index.php

To remove malware attack from the WordPress, it is recommended to follow a list of advance level plugins that you are currently working on, and then remove those plug-ins folder and index.php file. You have to re-install all the plugins after you have wiped out malware affected files in the WordPress.

Next, access the themes folder, and remove all unwanted ideas that are not required by you at the time of working. You will have to individually check each file in the current theme to make sure that there is no malware found, or you can say that you are free from any strange codes in it. Always prefer to make a clean backup of your theme on your personal devices, and then you can easily delete an entire themes folder.

  • Step 6 deals with re-uploading the WordPress account properly after you have removed malware infected files from the WordPress account.

  • Step 7 deals with Changing The WordPress Admin Password and Re-install Those Plugins Again

It is always recommended to access the dashboard and change the admin password to ensure safety. Always create a password that is hard for malicious users to guess your password to prevent getting hacked your WordPress account. Well on the other side, if you don’t want to create a random password for safety measures like Gsdi6!33&W, then you can surely pick up an uncommon phrase with 3 or more words like AragornLuvsArwen<3. Well as we all know that any strong password is one with strange words, at least, 1 number, one special character and a mix of upper and lower case characters.

  • Step 8 asks you to Remove Google Warning

Now that you are working with malware free WordPress site, you can now easily submit your created site to Google to get the warning “This site may harm your computer” removed.

Samuel Dawson

Senior PSD to HTML developer at Designs2HTML
Hi my name is Samuel Dawson. I like writing useful and productive articles on HTML related verticals. My key expertise areas are converting HTML website to WordPress and PSD to Joomla. Above all, I worked for one the leading PSD to HTML conversion service company - Designs2HTML Ltd. with committed words to deliver all project without any failure.

Latest posts by Samuel Dawson (see all)

Related Post

Leave a Reply

Your email address will not be published. Required fields are marked *