How to Clean a WordPress Virus from Your Site

wp security audit log

There are about one million new viruses and malware threats released every day.

With that many viruses surfing around the internet, your website can end up infected with at least one of them if you aren’t careful.

Start your blog today with a special OnBlastBlog discount from Bluehost. Only $2.95/mo with a free domain name and email address. You can't beat this offer!

There are several things you can do to protect your website from getting a virus, but if you still catch one, you have to get rid of it right away.

Take a look at this WordPress virus guide to find out if you have a virus, what to do about it, and how to protect yourself in the future.

Do You Really Have a WordPress Virus?

Sometimes people think they have a virus when they really don’t. If your website starts misbehaving or acts a little weird, there may be something else wrong.

There are some pretty clear warning signs that’ll pop up if you have a virus, which we’ll talk about in a minute. So don’t panic if you don’t see those signs. Odds are, you don’t actually have a virus.

However, if you do think you have a virus, even if there’s just a small chance, you should work on removing it right away. Viruses can cause all kinds of problems, and they can put your website on the Google Safe Browsing list, meaning everyone who visits your website can tell it’s been hacked.

This will keep your site from getting good search engine results and can seriously hurt your reputation.

WordPress Virus Warning Signs

Getting some spammy comments on your website isn’t the same thing as being hacked. Those don’t affect the rest of your site and can be removed without a lot of work.



But if you notice any of these warning signs in your website, you have a bigger problem on your hands.

Spam on Your Header

This kind of spam that shows up in your header will usually have adverts for drugs, porn, or other illegal services.

The spam will probably be put on your website without a lot of thought, so it will either catch your attention or be nearly impossible to spot. In some cases, the spam can appear as dark writing on a dark background.

But just because you can’t see the spam doesn’t mean the search engines can’t see it.

User Reports

If your users are sending your reports that your website (or something on your website) is redirecting them to something malicious, pay close attention.

Some viruses know you are the administrator of the website and will hide the spam from you. It won’t hide the spam from your users, so they can see the things you can’t.

If they tell you there’s something suspicious going on, take their word for it and start looking for the source of the problem.

Hosting Provider Reports

Even if your users don’t send you any reports, your hosting provider might. They can tell if your website is acting malicious or is doing anything spammy, and they’ll let you know.

For example, hackers can use the link to your website to redirect people to a different malicious site. Your hosting provider will be able to catch things like this and will let you know.

Malicious Content

You can stumble across malicious looking content on your website on your own too. If you think you have been hacked, an easy way to find out is to look up your website on a search engine.

Search site:yourwebsite.com (put the actual name of your website in the part that says “yourwebsite”) and look for pages of your website you don’t recognize. If you find any malicious looking content, your website has most likely been infected with a virus.

If You Find a Virus, Backup Your Website

You’ll want to do this as soon as possible, and here’s why:

A lot of hosting providers will delete your entire website if they find out it has a virus. Whether they come across this information on their own or you report it, they will get rid of your whole site.

This might sound extreme, but they do this to make sure none of the other systems on their network catch the virus too.

That’s why you need to use your hosting provider’s backup system to create a copy of your website. You can also use a backup plugin to do this.

And don’t overlook your website database. In fact, these should be the files you backup first.

Once your website is backed up, you don’t have to worry about losing any of your content. Even if the copy you have is infected, you can start to clean out your site and know you won’t lose everything if you make a mistake or two.

How to Remove the Virus

If you aren’t sure how to remove a virus from your website on your own, you can find someone to help you or do it for you. You can also go through your website and delete any suspicious content yourself, but it will take more time and might be difficult if you don’t know what you’re looking for.

If you want to do this on your own, here are a few things to keep in mind.

  • The wp-admin and wp-includes directories don’t have new files added often, so if you find new files, you should probably delete them
  • When cleaning out your wp-content/plugins, delete entire directories, not just files
  • Don’t keep old WordPress backups or installations lying around

A hacker can easily get a hold of your old backups. Even though your main website is secure, these old backups aren’t, so a hacker can use it to create a backdoor to your website.

These are what you should check first if you do get hacked.

What to Do After You Remove the WordPress Virus

Once the WordPress virus is gone, make sure all the plugins and themes you’re using are up to date. This will keep your website secure. You should also double check you don’t have any old backups or installations saved anywhere on your server.

When you’re done with that, update your passwords so they are strong and hard to guess. You may want to do this often so your passwords are constantly changing.

Want to make a secure WordPress website but aren’t sure where to start? Take a look at this guide.