Removing malware without paying a dime
If you found your website infected with malware, you have many options to remove it. Most of them are paid, but one of them is free. It’s free if you are willing to do it by yourself following this guide.
It is important to note that this approach will help you remove many types of WordPress malware but may fail in case of complex infection or if malware resides in the HTML content of your website. Some malware can be removed by a cybersecurity export only. Based on our statistics, about 50% of modern malware can be removed manually with no expert knowledge. Meaning it is worth trying.
The approach is provided without warranty of any kind, either express or implied. Use at your own risk.
How to removing malware manually
- Change passwords for all admin accounts on the website
- Reinstall (restore) WordPress files.
- Remove all inactive plugins and themes.
- Reinstall all commercial plugins and themes by unpacking freshly downloaded versions from the vendor websites you’ve bought them on. Do not deactivate plugins or themes, and do not delete existing files. You need to unpack an archive with a plugin or theme and overwrite existing files by using FTP or a file manager in your hosting control panel.
- Reinstall all free plugins and themes by unpacking freshly downloaded versions from the wordpress.org repository. Do not deactivate plugins or themes, and do not delete existing files. You need to unpack an archive with a plugin or theme and overwrite existing files by using FTP or a file manager in your hosting control panel.
- Install the free version of the WP Cerber plugin from wordpress.org
- Run the integrity checker and malware scanner. Once the scan is completed, delete all unattended files in the results of the scan.
- Remove all “nulled” plugins and themes (GPL versions of commercial software) since, in many cases, their code has been altered and contains malware.
Read more: What to do if your WordPress site has been hacked.
Have any questions?
If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered on the community forum.
Spotted a bug or glitch?
We’d love to fix it! Share your bug discoveries with us here: Bug Report.