Remove Malware from Your WordPress Site

Cleaning a hacked WordPress site is no easy task. And now that Google is enforcing a 30-day ban on site reviews to prevent repeat offenders from distributing malware, cleaning up a hacked site thoroughly is more important than ever.

I highly recommend using a professional to clean the site. team, the Hack Repair Guys, is the team I most often refer people. They have great knowledge base of research on website security, vulnerabilities, vectors, and more.

Finding the cause of the hack

Finding the cause of a WordPress hack can be tricky if you are not a professional, but it is certainly not beyond your reach if you have an eagle eye. Check out this post by Smashing Magazine on common WordPress hacks. Once you have identified the type of hack you encountered, you can more easily narrow down why it occurred. In many cause the WHY is not as important as the clean up, but can be important if the cause came from your own computer.

I had one client whose site was infected by a browser extension she inadvertently installed on her computer. She essentially hacked her own site by injecting JavaScript into her Visual Editor every time she edited a page on the site! This code was invisible in the Visual Editor (though it was visible in the Text tab), and even if I cleaned it up, she would have hacked herself again. A Google search on some text I found in the injected code led me to an article on website that helped me figure out why the hack occurred and get the client to an IT professional to fix her computer.

Also, if you reinstall the same plugin or theme that was vulnerable and aren’t aware that this is why your site was hacked, then the site will get re-hacked pretty quickly. So knowing the cause is more about making you aware to not repeat the same mistakes after all the effort you went to to clean things up.