We covered automated and manual methods of scanning and cleaning a WordPress website infected with different types of malware including redirection malware, cryptomining malware and reverse shell. We showed also how to clean an infected wordpress website using WordPress security plugins such as Wordfence.

OSCP Study Notes

The Complete Practical Web Application Penetration Testing Course


On WordPress websites, malware can be installed in a variety of methods. A hacker or bot will typically take advantage of a security flaw.

A hacker may access your website, for instance, if you don’t have security measures in place to stop repeated unsuccessful login attempts or if your password is weak. After that, they can use a brute force attack to install the malware. This is what happens when a bot repeatedly visits your login page and tries hundreds of username and password combinations before finding the correct one.

Hackers can also take advantage of security flaws in outdated plugins and themes. Bot networks utilize these vulnerabilities to find and install malware on websites they crawl across the internet.

Phishing URLs are another way that malware might enter your website. It may occur if you inadvertently visit a hacked website or click on a phishing link in an email. You run the risk of unintentionally installing harmful software on your computer by doing this. There’s a chance that this will end up on your WordPress server.

How to Resotre an Infected WordPress Website?

  • Automated Methods
  • Manual Methods
  • Restore from the latest clean backup after testing at on a test environment

Automated Methods to Scan and Clean WordPress Website Infected With Malware

WordPress has many security plugins that can be used for this purpose:

Manually clean an infected WordPress Website

The manual method requires you to go through the wordpress installation files including the below:

  • wp-config.php
  • .htaccess
  • index.php
  • wp-content/themes
  • wp-content/plugins
  • wp-admin
  • wp-includes

You need to ensure that these files and the directories don’t include obfuscated strings or malicious calls and if you find any make sure to remove them.

Video Walkthrough

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.

View Articles