How to get rid of malware from your website: A complete guide

In this digital age when most of the business is done online, owning and running a website these days is very common for tech professionals and businesses. The other thing that is also very common is the cyberattacks on websites in form of malware, ransomware, data breach and DDoS (Direct Denial of Service) etc. We present you with this complete guide to help you get rid of malware in case your website has been compromised.

Let us first understand, how can a malware harm your website. Many people apply security plugins to protect their websites from malware. But if the malware has somehow managed to sneak out from security plugins, then-

  • Your website viewers will be directed to fraudulent links and promoting scams
  • Your website visitors will receive spam emails and links
  • This will steal your data as well as your user’s data
  • It may blacklist your website and put your company’s reputation at risk

Well, every problem has a solution. Go through the mentioned steps to get rid of the unwanted malware.

Yes, most of the time this technique is really useful. Try to backup your website and after a successful attempt, you will sense the absence of malware. Considering the malware is dormant and smart, this might not help.

Now, do scan your website either, directly install a scanning tool on your website in case you use WordPress or through your computer system after you have successfully downloaded the backup. Using a plugin may take some time but it is worthy in the end. Malware affects the vital components of a website, themes and functions.php, for example. The good thing is plugins search the files deeply to find which one is carrying the malware’s code and eradicate the infected files completely.

Another way is to track down which files are carrying the malware using plugins and delete immediately. If you still feel that malware exists then get rid of all the files and folders from your website, leaving wp-config.php and wp-content.

Make a comparison between the newly installed file and the existing files in wp-config.php, and do not hesitate to erase any suspicious file. Also, get rid of each subfolder of plugins along with themes from the wp-content folder. Moreover, index.php file may also contain malicious code so put an end to this as well. It is preferred to observe the website for some time.

Lastly, reset all the passwords to be extra careful as malware does steal data and you would not want to face such a mess one more time.

Even after the removal of malware, your website might be tagged as unsafe from Google’s end, how would you change that?

Once you have removed the malware from your website successfully, its time to remove your website from the blacklist and allow your users to know that your website is safe. To undo the damage caused, perform the following steps

  • Get your website registered on Google Search Console and verify ownership of your website.
  • Scroll down to click ‘Security & Manual Actions’, instantly it’s drop-down menu will find you ‘Security Issues’ where you can ‘Request A Review’.