Cleaning a WordPress site that has been affected with malicious code can be a complex process, but here are some general steps that can be taken to help clean up the site:
- Take a backup of your site: Before attempting any cleanup, take a backup of your site’s files and database. This will ensure that you can restore your site if something goes wrong during the cleanup process. In additionally, the backup files can help you to investigate the issue with the footprint of hacker.
- Identify the malicious code: Scan your site using a malware scanner or security plugin to identify the malicious code. This will help you determine the extent of the infection and the type of malware you’re dealing with. Or jump to Step 4 right away if you are not familiar with the technical thing.
- Delete the infected files: Once you’ve identified the infected files, delete them from your site’s directory. Be sure to also check any plugins or themes that may have been affected by the malware.
- Update WordPress, plugins, and themes: Replace current WordPress core files (remove current “wp-admin”, “wp-includes” folders and all files; except the wp-config.php file; in the root folder of your site) with the original, clean core files (go to WordPress.org, download the latest version of WordPress and upload everything to your site root folder). Do the same thing for all plugins and themes in your “wp-content” folder. This will ensure that any security vulnerabilities are patched, and will make it more difficult for attackers to exploit your site in the future.
- Change your passwords: Change your WordPress login credentials, FTP/SFTP credentials, and database credentials. Use strong, unique passwords that include a mix of letters, numbers, and special characters.
- Install a security plugin: Install a reputable security plugin that can help protect your site from future attacks. Plugins like Wordfence and Sucuri can help scan your site for vulnerabilities, block malicious traffic, and monitor your site for suspicious activity.
- Secure your site folders & files: set appropriate permissions to your folders and files, see: https://wordpress.org/documentation/article/hardening-wordpress/#file-permissions. Also follow other practices in this article which are important to secure your site.
- Monitor your site: Keep an eye on your site’s activity and check your security logs regularly. This will help you detect any future attacks and respond quickly to prevent further damage.
It’s important to note that these steps may not be enough to completely clean up your site, especially if the malware has been active for an extended period of time. In that case, you may need to seek professional assistance from a security expert.