Having your WordPress website hacked is a frightening and horrible experience that can leave you feeling violated and in a panic. In such a situation, the best thing to do is take a deep breath and proceed with a cool and pragmatic approach. Install one of the listed WordPress malware removal plugins, scan your site and move beyond your site’s issues.
You may be asking yourself, why has this happened to me and what have I done to deserve this? The internet is full of bots crawling for vulnerable websites. Most attacks on the internet happen randomly, so don’t take it personally. Some hacks are motivated by illegal profit gains, religious and political ideology while others simply see the act as a sport.
Is It Hacked?
In some cases, the intruders don’t want you to know that your website has been hacked because they may want to exploit your site for as long as possible.
On the other hand, if you are staring in shock and awe at a big, awful message announcing “Hack3d By Mr. [Hacker’s Name]”, the situation doesn’t need much explaining.
You may receive an email from your web hosting provider. The malicious party could be consuming bandwidth without your knowledge. In other cases, your hosting account may be suspended when infected files are found on the server. Web hosting companies take this rather drastic measure to protect your visitors but also to protect their network. When a hosting provider suspends the account, they normally will send you a list of infected files that were discovered when scanning your site. That list is a good place to start when repairing your website.
A sharp drop in traffic is a common effect and cause for suspicion, especially if your website has been blacklisted as an infected site. In this case, web browsers may even display a security warning when your domain is accessed.
You know the experience when you visit a site and are suddenly redirected to a suspicious or unrelated site? That’s known as a malicious redirect, where the objective is to illegally drive traffic to a site.
If a hacker gains access to your website, your web pages can be replaced with phishing pages (or near-identical copies). The idea is to trick your customers into divulging valuable information.
If your website looks more like a pharmacy for prescription drugs, then you are the victim of a pharma hack. Note that these links are visible in the search engines.
On the WordPress side of things, check for unfamiliar users that may have been added to your site. Look for unauthorized posts that may have been published and unwanted spammy links.
Finally, try Googling your company. If you see strange foreign characters or content not related to your business, that’s another indication that your site has been compromised. A handy tip, in this case, is to render your site with a search bot simulator. In some SEO hacks, the unwanted content is only visible to search engines.
In any case, if you suspect that one of your sites is hacked, run a quick scan with one of the plugins listed below.
Malware Scanner Plugins for WordPress
1. WordFence
The most popular WordPress firewall and malware scanner plugin is WordFence. WordFence distributes a free version and a premium version starting at $99.00 per year.
The plugin consists of 3 core features:
- WordPress Firewall – A Web Application Firewall that identifies and blocks malicious traffic. Built, maintained and continuously updated by the team at WordFence, focused 100% on WordPress security.
- WordPress Security Scanner – A malware scanner that checks core files, themes, and plugins for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections.
- WordPress Security Tools – The plugin also offers an array of security features such as live traffic monitoring, limiting login attempts, a spam comment filter, IP address and user agent blocking, email notifications and monthly reports.
2. MalCare
MalCare is a new service by BlogVault offering daily malware scans starting at $99 per site and a hack repair service starting at $249.
Their advertised selling points are:
- Early Malware Detection – MalCare’s automatic scanner ensures you get to know before any damage is done.
- Light server usage – MalCare does all the heavy lifting on its own servers, ensuring that there is zero load on your WordPress site.
- Detects hard-to-find malware – MalCare was developed after analyzing over 240,000 websites and uses over 100 signals to accurately identify even the most complex malware.
- One-Click Automatic Clean-Up – With MalCare’s One-Click Malware Cleaner, you no longer need to wait endlessly for technical help to clean your WordPress site.
- Built-In Secure WP Backups – A backup is the quintessential safety net of your website when your website is hacked. Powered by BlogVault’s backup service, you are always protected and have access to your backups when you need them.
3. Cerber Security & Anti-Spam
WP Cerber offers an all-in-one solution to protect, monitor and secure a WordPress installation.
The plugin features one of the best malware scanners, offering software to monitor file changes, verify the integrity of WordPress, plugins and themes, and remove malicious code and viruses from your website.
Once installed, you can choose between a Quick Scan and a Full Scan. During the Quick Scan, all files with executable extensions are tested for infections. During the Full Scan, all files (including media) are scanned for malicious payloads.
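To make the difference between the two scan modes concrete, here is an added Python example; it is not WP Cerber’s code, and the executable-extension set and the signatures are constructed assumptions, not the plugin’s real definitions. The quick scan only reads files with executable extensions, while the full scan reads everything and also reports PHP code hidden inside a media file, which the quick scan never opens.

```python
import re
import tempfile
from pathlib import Path

# Assumed set of "executable" extensions; the article does not list Cerber's actual one.
EXECUTABLE_EXT = {".php", ".phtml", ".php5", ".phar", ".js"}
PHP_TAG = re.compile(rb"<\?php")
# Constructed heuristic signatures for the demo, not a real signature database.
SIGNATURES = [
    ("obfuscated-eval",
     re.compile(rb"eval\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\(")),
]


def scan(site_root, full=False):
    """Quick scan (full=False): only files with executable extensions are read.
    Full scan (full=True): every file is read, and a PHP open tag inside a
    non-executable file (e.g. an image under uploads) is reported as well."""
    root = Path(site_root)
    findings = []
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        executable = p.suffix.lower() in EXECUTABLE_EXT
        if not (full or executable):
            continue  # quick scan skips media and other non-code files
        data = p.read_bytes()
        rel = p.relative_to(root).as_posix()
        findings += [(rel, name) for name, rx in SIGNATURES if rx.search(data)]
        if not executable and PHP_TAG.search(data):
            findings.append((rel, "php-code-in-non-executable-file"))
    return sorted(findings)


def demo():
    """Constructed site tree: a clean plugin file, an obfuscated plugin file and
    a 'JPEG' whose body carries PHP code. Returns (quick_findings, full_findings)."""
    files = {
        "wp-content/plugins/demo/demo.php": b"<?php echo 'hello';\n",
        "wp-content/plugins/demo/helper.php":
            b"<?php eval(base64_decode('PLACEHOLDER'));\n",
        "wp-content/uploads/2019/photo.jpg":
            b"\xff\xd8\xff\xe0<?php eval(gzinflate(base64_decode('PLACEHOLDER')));\n",
    }
    root = Path(tempfile.mkdtemp())
    for rel, body in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(body)
    return scan(root), scan(root, full=True)
```

The quick scan reports only the plugin file; the full scan additionally reports the image twice, once per signature and once for carrying PHP code at all.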
Additional features of the plugin include:
- Limit login attempts
- Monitor logins, XML-RPC requests and auth cookies
- Whitelist and blacklist IP addresses
- Custom login URL
- Protect contact forms from spam
- Protect post comment forms from spam
- WordPress, theme, and plugin authenticity check
- Monitor file changes
- Hide wp-login.php, wp-signup.php, and wp-register.php from possible attacks
- Hide wp-admin (dashboard) when a user isn’t logged in
- Disable WP REST API
- Disable XML-RPC (including Pingbacks and Trackbacks)
- Disable feeds (block access to the RSS, Atom, and RDF feeds)
- Disable automatic redirection to the login page
- Weekly security report sent by email
- Protection against DoS attacks
4. Sucuri
Sucuri is one of the better-known companies in the field of WordPress security.
Features of the Sucuri plugin include:
- Security Activity Auditing
- File Integrity Monitoring
- Remote Malware Scanning
- Blacklist Monitoring
- Effective Security Hardening
- Post-Hack Security Actions
- Security Notifications
- Website Firewall
Please note that the website firewall (WAF) is a premium feature offered at a starting price of $16.66 per month.
In the free version, the plugin will scan your WordPress installation and look for modifications to the core files as distributed by WordPress.org. Files located in the root directory, wp-admin and wp-includes are compared against the originals shipped for your WordPress version; every file with an inconsistency is listed for you to review.
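As an added illustration of this kind of core-file integrity check (not part of the article and not Sucuri’s code), the Python script below compares the files under the site root, wp-admin and wp-includes against a {relative path: MD5} manifest, which is the shape of the checksum list WordPress.org publishes per version (assumed here, not shown on the page), and reports modified, missing and unexpected core files. The manifest and the mini-install it verifies are constructed inside the script.

```python
import hashlib
import tempfile
from pathlib import Path

# The check covers the root directory plus these two trees; wp-content is left
# out because plugins, themes and uploads legitimately differ from site to site.
CORE_DIRS = ("wp-admin", "wp-includes")


def md5_of(path):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def is_core_path(rel):
    """True for files in the site root, wp-admin or wp-includes."""
    return "/" not in rel or rel.split("/", 1)[0] in CORE_DIRS


def verify_core(site_root, checksums):
    """Compare the install against a {relative_path: md5} manifest (assumed format).
    Returns sorted lists: modified, missing, and core files absent from the manifest."""
    root = Path(site_root)
    modified, missing, unexpected = [], [], []
    for rel, expected in checksums.items():
        p = root / rel
        if not p.is_file():
            missing.append(rel)
        elif md5_of(p) != expected:
            modified.append(rel)
    for p in root.rglob("*"):
        rel = p.relative_to(root).as_posix()
        if p.is_file() and is_core_path(rel) and rel not in checksums:
            unexpected.append(rel)  # dropped file: a classic place for a backdoor
    return sorted(modified), sorted(missing), sorted(unexpected)


def demo():
    """Constructed mini-install: one tampered core file, one missing core file
    and one file dropped into wp-includes that the manifest does not know."""
    clean = {"index.php": b"<?php require 'wp-blog-header.php';\n",
             "wp-includes/version.php": b"<?php $wp_version = 'x.y.z';\n"}
    manifest = {k: hashlib.md5(v).hexdigest() for k, v in clean.items()}
    manifest["wp-admin/admin.php"] = hashlib.md5(b"<?php // admin\n").hexdigest()
    root = Path(tempfile.mkdtemp())
    for rel, body in clean.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(body)
    (root / "index.php").write_bytes(clean["index.php"] + b"// appended line\n")
    (root / "wp-includes" / "dropped.php").write_bytes(b"<?php // not in manifest\n")
    return verify_core(root, manifest)
```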
5. Anti-Malware Security and Brute-Force Firewall
One of the best malware scanning solutions for WordPress is the Anti-Malware Security plugin by ELI.
Features of the plugin include:
- Run a complete scan to automatically remove known security threats and backdoor scripts.
- Firewall blocks SoakSoak and other malware from exploiting known plugin vulnerabilities.
- Download definition updates to protect against the latest known security threats.
Premium features (which require a donation) include:
- Patch wp-login and XMLRPC to block brute-force and DDoS attacks.
- Check the integrity of your WordPress Core files.
- Automatically download new Definition Updates when running a Complete Scan.
When installing the plugin, you will have the option to register an account at GOTMLS.net. If you register an account, you can download the latest security definitions or “known threats” to help you analyze potential threats when scanning your application.
6. SucuPress
SucuPress, a new service, is one of the best security solutions for WordPress webmasters: an all-in-one solution packed into a beautiful user interface.
Features of the plugin include:
- Brute force protection
- IP Blacklisting
- Built-in Firewall protection
- Malware Scanner
- Protection of Security Keys
- Block visits from Bad Bots
- Vulnerable Plugins & Themes detection
- Security alerts and reports in PDF format
The free malware scanner stands out as one of the finest products on the market. Not only will the plugin scan your website, but it will also provide a security audit report with recommendations to enhance the security of your website.
Premium subscribers have access to the “auto fix” features of the software, which will attempt to automatically remove and repair corrupted files.
7. Clean Talk
The Security & Malware scan by CleanTalk is a service that enhances the security of your website. Built into the plugin are one of the best malware scanners, a free firewall service and a security log.
The malware scanner can be automated to run at a predefined interval but also on-demand when a website is compromised.
The scan will search for dangerous code in modified files, malicious signatures in files and will attempt to repair and remove known malware.
The full feature list:
- Web Application Firewall
- Malware scanner with AntiVirus functions
- Daily auto malware scan
- Brute force protection
- Limit Login Attempts
- Enhanced login form protection
- Security daily report to email
- Security audit log
- Real-time traffic monitor
8. Quttera Web Malware Scanner
The Quttera Malware Scanner ships with an internal and external scanner. The external scanner will analyze your website pages from outside while the internal scanner will look for malware by checking your installation’s PHP and JS files.
Quttera can also check whether your website is blacklisted by Google and other blacklisting authorities.
The full list of features includes:
- One-Click Scan
- Unknown Malware Detection
- External Links Detection
- Blacklist Status
- No signature or pattern updates
- Artificial Intelligence Scan Engine
- Cloud Technology
- Detailed Investigation Report
- Investigation of WordPress files
- Detection of files infected by PHP malware
- Detection of injected PHP shells
The company also offers a premium service starting at $119 per year that will repair your hacked website, monitor your site’s health and provide 24/7 support.
9. Ninja Scanner
Ninja Scanner is a lightweight but powerful malware scanner that can help you locate infections and potential security vulnerabilities.
With the click of a button, the application will run a scan. Its features include:
- File integrity check
- File comparison check
- Exclusion filters
- File snapshot
- Database snapshot
- Quarantine infected files
- Debugging log
- Email report
- Integration with NinjaFirewall
- Multi-site support
A premium version adds scheduled scans and WP-CLI integration.
10. BulletProof Security
Last but not least on our list of the malware removal plugins is BulletProof Security, one of the oldest security plugins in the WordPress ecosystem!
Among the many features of the plugin is a built-in malware scanner.
Though the interface is a little daunting and the options are many, with a few tweaks you can:
- Scan all files and directories located on the server
- Set performance options
- Exclude folders and files
- Scan the database
- Scan image files
Malware Infection Repair Tips
Fixing a hacked website is always a little challenging, but for DIY webmasters and WordPress developers, one way of going about repairing your site is to:
Install one of the listed malware removal plugins and run a scan of your file system. Check the results for any unwanted scripts and files. Either delete them or replace them with an uninfected version (download a fresh copy of WordPress).
Don’t place all your bets on a plugin. Check crucial system files yourself. You will want to pay extra attention to the following WordPress files:
And your theme’s:
It’s also recommended to manually update your WordPress website (please see our how-to guide). Updating WordPress will ensure that WordPress’s core files are free of any infection.
You will also want to remove any unwanted content from your blog (e.g. spammy SEO posts) and reinstate the appropriate content.
Next, determine the cause of the hack. Check if you are running any vulnerable plugins. The WPScan vulnerability database catalogs over 10,000 known vulnerabilities. Either replace the faulty plugins or delete them.
Now it’s time to harden your site’s security.
One consideration is to change hosting companies. Some hacks are caused by lax security measures at a hosting level.
Make sure all software is up to date and check out the WordPress documentation on hardening security. Some really handy tips in that post!
Installing a firewall can help block malicious requests; one of the most popular services is offered by WordFence.
Monitor your website during the next few weeks. It’s also advised to scan your personal computer for viruses.
It’s worth noting that a malware-infected site should not be taken lightly.
The fallout could mean that your host suspends your account. Your site may also get blacklisted by search engines, and web browsers may display a security warning each time your site is accessed. Furthermore, a drop in search engine rankings is a likely outcome, which could adversely affect your business’s online revenue.
And of course, your online reputation could be harmed, as most customers are unforgiving and may see your site as an untrustworthy service.
Let us know in the comment section below which malware scanner plugin you used to fix your website. We’re looking forward to your feedback!