How to Clean an Infected WordPress Site?

Has your WordPress site been infected, and cPFence reported malware or other issues? Don’t worry; follow these steps to clean your site and secure it from future threats.

Step 1: Reset Admin and Database Passwords

Begin by resetting all passwords associated with your WordPress site to ensure unauthorized users can’t access it. This includes:

  • Admin login credentials (WordPress dashboard).
  • Database user passwords (Main control panel > Websites > Databases > users > manage > reset).

Use strong, unique passwords and store them securely.

Tip: Don't forget to update wp-config.php file with the new database password.

Step 2: Remove Unknown Admin Accounts and Database Users

Check for unauthorized users in both your WordPress admin panel and database. Remove any accounts you do not recognize or trust. Follow these steps:

  1. Log in to the WordPress admin panel.
  2. Navigate to Users > All Users and review the list of accounts. Delete any unknown or suspicious accounts.
  3. Check your database for unauthorized users (Main control panel > Websites > Databases > users). Remove any users you didn’t add.

Step 3: Install a Reputable Security Plugin

To thoroughly scan your WordPress site and detect additional vulnerabilities or malware that may not have been identified by the cPFence Virus Scanner, consider installing a reputable security plugin such as Wordfence. Performing a scan from within the WordPress admin panel can significantly enhance the detection rate. Follow these steps:

  1. Log in to the WordPress admin panel.
  2. Navigate to Plugins > Add New and search for Wordfence or another trusted security plugin.
  3. Install and activate the plugin.
  4. Run a full deep scan to detect and remove malware or suspicious files.

After cleaning your site, proceed to the following steps.

Additional Tips for Securing Your Site

  • Keep WordPress core, themes, and plugins updated to the latest versions.
  • Remove unused or outdated plugins and themes.
  • Enable two-factor authentication (2FA) for WordPress logins.
  • Ensure file and folder permissions are secure (e.g., 644 for files and 755 for folders).
  • Regularly back up your website files and database.

Secure Your WordPress Sites with cPFence Bulk Security Features

Cleaning an infected WordPress site is just one part of securing your server. To prevent future attacks and strengthen your server’s defenses, cPFence now offers a suite of bulk security features designed specifically for WordPress. These tools enable you to apply critical security measures across all your sites with just a few commands.

Key Features:

  • Disable XML-RPC: Block XML-RPC attacks server-wide with a 403 response using cpfence --bulk-disable-wp-xmlrpc.
  • Limit Login Attempts: Protect wp-login from brute force attacks by limiting login attempts to 5 in 5 minutes.
  • Set Secure Permissions: Fix insecure file and folder permissions server-wide automatically.
  • Apply WordPress Hardening: Secure uploads, wp-config, and wp-includes with one command.
  • Manage Auto-Updates: Enable or disable automatic updates for WordPress core, plugins, and themes.

To learn more about these features and how to use them, visit our comprehensive guide: How to Use Bulk WordPress Security Features in cPFence.


Need Further Assistance?

If you encounter any issues or need additional help, feel free to reach out to our support team via your client portal.

  • 24 Users Found This Useful
Was this answer helpful?

Related Articles

How to Perform and Export Wordpress Vulnerability Scans with cPFence?

cPFence provides powerful tools for identifying and analyzing Wordpress vulnerabilities. With the...

How to Generate a List of All WordPress Sites on Your Server?

cPFence provides an easy way to generate a comprehensive list of all WordPress sites on your...

How to Quickly Identify Infected WordPress Sites Using cPFence?

cPFence makes it easy to identify and clean infected WordPress sites on your server. Follow the...

How to Use WordPress Auto-Update Features in cPFence?

Managing WordPress sites securely and efficiently is now easier with cPFence's WordPress...

How to Secure Your WordPress Sites with cPFence?

WordPress is a powerful platform, but it can become vulnerable if not properly secured. With...