How to Clean Up WordPress Malware

I receive an affiliate commission when you click on my affiliate links & purchase.  I give a portion of all proceeds to Alzheimer’s research as we search for a cure.  I am the sole caretaker for my 75 year old aunt who has Stage 5 Alzheimer’s so we can’t thank you enough.

Share on facebook
Share on twitter
Tweet This
Share on linkedin
Share on reddit
Share on email
Email This Post

Updated for 2019

In 2009, was hit with a “malware” and after a couple of cleanups – I wanted to document how to fix malware on WordPress in case this happens to you.

How to Cleanup Malware on WordPress

Here are the steps that I took (thanks to Hostgator‘s help!)

Step One – I replaced all my old WordPress files with brand new WordPress files!  That actually did 1/2 the trick.  The other half – you will need to remove the virus from your computer.

What are malicious iframes and what causes them?

Over the years hackers found it hard to trick people into visiting suspicious sites so they're now targeting legit sites and using them to infect unknowing customers. In most cases an FTP account's password is obtained through key logging malware, then legit website files are modified to distribute the malware and gather more passwords. If your PC has been infected with one of these trojans, your bank account, email accounts, and FTP accounts may no longer be secure.

* What to do if you find malicious iframes

Step Two. Download antivirus and fully scan your PC for malicious files. If you are looking for the one click solution, then I recommend this anti-virus software.

Step Three:  Search Your Cpanel Files for Any “Weird” Looking Files.  I found a file named autorun in my c drive.  I opened it up using Hostgator's Cpanel, and voila' found the culprit.  The malware struck again a year later, and I found a file named index.html … Since I use WordPress, I saw index.php still intact.  I removed the extra index and voila' found the culprit!

Optional Steps to Remove Malware

3. Update all passwords that may have been obtained. Do not use old passwords, generate new ones.

4. Remove older versions of the files or contact support for assistance removing the malicious iframes.

How to Prevent Your Computer from Future Malware and Virus Attacks

– Ensure you use the latest browser version, and make sure you do an update on your computer every week!  With the latest malware attacks, my computer updates weekly now.  Also, please don't download emails with attachments.  If it sounds to good to be true or doesn't sound like something that belongs to you, then there is a 100% chance it's suspicious sites..

Items Mentioned in This Blog Post

Hosting – 24 Hours a Day Support Make This My Top Recommendation for Hosting.  I use it!  And $3.95 Per Month Hosting! WOW!

Related Articles

This Post Has One Comment

  1. Randall Hinton

    As this article indicates, Malware is a major problem. reports that there are over 800,000 sites that are suffering from malware today. The process described above can be a very good set of tools to remove malware from your site, but in my experience it can come in many different and continuously innovative ways.

    So if the process seems to get to difficult, or if you have gotten infected multiple times I can probably help.

    I have worked to help numerous clients recover their sites, as well as monitor their sites to prevent future attacks and downtime because of being marked as infested by google and other services.

Leave a Reply

Click Here for the Private Stuff

Subscribe to to get access to backstage training exclusive to subscribers.