How to Clean an Infected WordPress Site?

Has your WordPress site been infected, and cPFence reported malware or other issues? Don’t worry; follow these steps to clean your site and secure it from future threats.

Step 1: Reset Admin and Database Passwords

Begin by resetting all passwords associated with your WordPress site to ensure unauthorized users can’t access it. This includes:

  • Admin login credentials (WordPress dashboard).
  • Database user passwords (Main control panel > Websites > Databases > users > manage > reset).

Use strong, unique passwords and store them securely.

Tip: Don't forget to update wp-config.php file with the new database password.

Step 2: Remove Unknown Admin Accounts and Database Users

Check for unauthorized users in both your WordPress admin panel and database. Remove any accounts you do not recognize or trust. Follow these steps:

  1. Log in to the WordPress admin panel.
  2. Navigate to Users > All Users and review the list of accounts. Delete any unknown or suspicious accounts.
  3. Check your database for unauthorized users (Main control panel > Websites > Databases > users). Remove any users you didn’t add.

Step 3: Install a Reputable Security Plugin

To thoroughly scan your WordPress site and detect additional vulnerabilities or malware that may not have been identified by the cPFence Virus Scanner, consider installing a reputable security plugin such as Wordfence. Performing a scan from within the WordPress admin panel can significantly enhance the detection rate. Follow these steps:

  1. Log in to the WordPress admin panel.
  2. Navigate to Plugins > Add New and search for Wordfence or another trusted security plugin.
  3. Install and activate the plugin.
  4. Run a full deep scan to detect and remove malware or suspicious files.

After cleaning your site, proceed to the following steps.

Additional Tips for Securing Your Site

  • Keep WordPress core, themes, and plugins updated to the latest versions.
  • Remove unused or outdated plugins and themes.
  • Enable two-factor authentication (2FA) for WordPress logins.
  • Ensure file and folder permissions are secure (e.g., 644 for files and 755 for folders).
  • Regularly back up your website files and database.

Need Further Assistance?

If you encounter any issues or need additional help, feel free to reach out to our support team via your client portal.

  • 3 Utenti hanno trovato utile questa risposta
Hai trovato utile questa risposta?

Articoli Correlati

How to Perform and Export Wordpress Vulnerability Scans with cPFence?

cPFence provides powerful tools for identifying and analyzing Wordpress vulnerabilities. With the...

How to Secure Your WordPress Sites with cPFence?

WordPress is a powerful platform, but it can become vulnerable if not properly secured. With...

How to Generate a List of All WordPress Sites on Your Server?

cPFence provides an easy way to generate a comprehensive list of all WordPress sites on your...