Keep calm and act wisely!
Often, panicked quick shots are taken, which in the worst case can cause even more damage.
The term virus is a bit misleading because the malicious code that is smuggled in can take a wide variety of forms. Trojans, malware, iFrames – there are all kinds of things that an attacker can leave behind. I’ll talk about virus in this article for the sake of simplicity.
If you’ve discovered a virus on your WordPress website and are now looking for removal instructions, you’ve come to the right place!
You are probably already quite annoyed and afraid that your content is gone and that you have to start over.
The best thing to do is get yourself a fresh coffee or tea and take a deep breath.
Did you take a deep breath?
Well, let’s get started then!
Notice the virus attack WordPress blog is infected by a virus
Since the effects of a virus attack are expressed differently, you do not always notice it immediately. There are several ways in which the infestation can be identified:
- your blog can no longer be viewed and only shows a white page (that does not necessarily mean that you have a virus)
- you will receive an email from your hoster informing you about viruses
- the Google Search Console shows you a possible virus attack (only if your site is registered there)
- your local virus scanner prevents your blog from opening
- you check your blog with a virus scanner and it sounds the alarm
If you feel that something is wrong or you just want to be sure, you can also check your blog with the help of tools.
Free online virus scanning tools
None of these tools offer a 100% detection rate. Sometimes it only checks for a selection of known threats, but this is a good start. Since the scanners test in different ways, you shouldn’t just run one of these tools.
- Security check
- McAfee SiteAdvisor
- Dr.Web AntiVirus
Step by step to a virus-free WordPress blog
If you’re not lucky enough to host your website with a host like RAIDBOXES that removes malware for you, you’ll have to do it yourself.
The easiest way to rid your blog of viruses is to import a backup. If you have a backup from before the virus attack, everything is easy. You can restore a manually created backup by deleting all files on the server, replacing them with your backup data, importing and connecting the database.
Have you created a backup with the help of a plugin and you can still log into your blog? Then simply restore the backup via the plugin.
Unfortunately, you don’t always have a clean backup. But even in this case we can save your blog!
1st step – create a backup
First you connect to your server via FTP . Now you will download all files and folders to your computer.
This step is necessary because we still need the wp-config.php file and the folder with your uploads. In addition, you never know which files or codes you can still use.
Back up the database
You also need a backup of the database to be on the safe side. All your content is in the database. Most of the time it is unaffected by the virus and can persist, but you never know.
Log in to your hoster. There will be a menu item there that shows you an overview of your databases. Mostly it is called “Databases” or “MySQL”. There you can access the database you are using via the “PHP MyAdmin” web interface. Now you will find a point “Export” in the tabs at the top. Simply click on “OK” on the export page, in most cases all settings can remain unchanged.
Your database backup is already downloading.
Step 2 – note the theme and plugins
Since you will delete all files from the server, you will have to write down the theme and plugins used so that you can reinstall them later.
If you can still log into the WordPress backend , navigate to the plugins and write them all down. Then do the same with the theme.
If you no longer have access, you can open the “wp-content” -> “plugins” folder via FTP and note the plugin names in it. Then it’s the turn of the theme,
Step 3 – Delete everything from the server
You now have a complete backup of all files, the plugins used and the theme are noted. Now you need to delete all files and folders from the server. Of course you do that again via FTP. Select all files and folders, right-click and click on “delete”.
4th step – check wp-config.php & uploads
In your backup of the files you will find the “wp-config.php” in the main directory. This file is necessary, among other things, to connect WordPress and the database. So you absolutely need this file!
The same applies to the “uploads” folder in “wp-content”. It contains all uploaded images and other files.
Use your local virus scanner to scan the wp-config.php and the “uploads” folder. If it sounds the alarm, delete the suspicious files! In most cases, however, the “uploads” folder is not affected and can still be used. Then take a good look at the wp-config.php file. If you see suspicious code there, or if you are not sure, use the fresh wp-config.php from the next step and transfer the database access data from the previous one.
Step 5 – clean WordPress & upload important files
So that you have a clean system again, you now need a fresh WordPress package. Download it from the official website, unzip the .zip archive on your computer and upload the files and folders from the “wordpress” folder that appears via FTP. It is important that you do not upload the “wordpress” folder, but the files and folders it contains!
Next you upload your “uploads” folder. Of course, it has to be put back in the same place in the folder structure. So upload it to the “wp-content” folder.
If your wp-config.php file is free of malicious code, you can now upload it to the main directory of the WordPress installation. If you want to be on the safe side, you will find a file with the name “wp-config-sample.php” in the downloaded, clean WordPress. Open this and enter the database access data from the previous wp-config.php. When saving, you have to rename the file to “wp-config.php” and then upload it.
Step 6 – update the database
Sometimes it is necessary to adapt the database to the new files. To do this, go to your website and append /wp-admin/upgrade.php to the URL. You can update the database on the page that appears.
7th step – install theme and plugins
Now you can log into the WordPress backend as usual. This will make your blog look exactly as it did before after installing the theme and plugins!
You can either install it in the WordPress backend or upload the plugins and the theme via FTP.
Step 8 – check everything
Now is the time when your blog should look and work like it always has. However, this is not guaranteed, so you have to check it completely now.
Look through all pages and articles and make sure that the images are displayed correctly. Another source of error often arises with opt-in forms. So be sure to test all of the forms!
Step 9 – Change all passwords
To secure your blog against future attacks, you should change your passwords immediately. This applies to your WordPress access as well as to the FTP password, the access to your hoster and the database password.
Step 10 – Secure your blog
There are a few little tricks you can use to keep your blog secure. They are easy to implement, but they do provide significantly more security.
I will show you these tricks in my article ” Securing WordPress – Basics and professional tips for more WordPress security “.