How to Remove Malware & Fix a Hacked WordPress Site (2023)

<!DOCTYPE html> <html lang="en-US"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0, viewport-fit=cover" /> <meta name='robots' content='index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1' />  <title>How to Remove Malware & Fix a Hacked WordPress Site (2023) | Sucuri</title> <meta name="description" content="The ultimate WordPress malware removal guide! Learn how to scan a hacked WordPress site, find and remove malware and viruses, and fix site warnings. Clean up WP to stop attacks and prevent reinfection. Complete with post-hack hardening instructions to protect your website." /> <link rel="canonical" href="https://sucuri.net/guides/how-to-clean-hacked-wordpress/" /> <meta property="og:locale" content="en_US" /> <meta property="og:type" content="article" /> <meta property="og:title" content="How to Remove Malware & Clean a Hacked WordPress Site" /> <meta property="og:description" content="The ultimate WordPress malware removal guide! Learn how to scan a hacked WordPress site, find and remove malware and viruses, and fix site warnings. Clean up WP to stop attacks and prevent reinfection. Complete with post-hack hardening instructions to protect your website." /> <meta property="og:url" content="https://sucuri.net/guides/how-to-clean-hacked-wordpress/" /> <meta property="og:site_name" content="Sucuri" /> <meta property="article:publisher" content="https://www.facebook.com/SucuriSecurity" /> <meta property="article:modified_time" content="2024-01-03T21:40:28+00:00" /> <meta property="og:image" content="https://sucuri.net/wp-content/uploads/2023/01/2022_Sucuri_Guide_How-to-Clean-a-Hacked-WordPress-Website.png" /> <meta property="og:image:width" content="2048" /> <meta property="og:image:height" content="963" /> <meta property="og:image:type" content="image/png" /> <meta name="twitter:card" content="summary_large_image" /> <meta name="twitter:site" content="@sucurisecurity" /> <meta name="twitter:label1" content="Est. reading time" /> <meta name="twitter:data1" content="29 minutes" />  <link rel='dns-prefetch' href='//cdn.jsdelivr.net' /> <link rel="alternate" type="application/rss+xml" title="Sucuri » Feed" href="https://sucuri.net/feed/" /> <link rel="alternate" type="application/rss+xml" title="Sucuri » Comments Feed" href="https://sucuri.net/comments/feed/" /> <script type="text/javascript"> /* <![CDATA[ */ window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/sucuri.net\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.6.2"}}; /*! This file is auto-generated */ !function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0),new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data));return t.every(function(e,t){return e===r[t]})}function u(e,t,n){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\uddfa\ud83c\uddf3","\ud83c\uddfa\u200b\ud83c\uddf3")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),p.toString()].join(",")+"));",r=new Blob([e],{type:"text/javascript"}),a=new Worker(URL.createObjectURL(r),{name:"wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything||(n.readyCallback(),(e=n.source||{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings); /* ]]> */ </script> <style id='wp-emoji-styles-inline-css' type='text/css'> img.wp-smiley, img.emoji { display: inline !important; border: none !important; box-shadow: none !important; height: 1em !important; width: 1em !important; margin: 0 0.07em !important; vertical-align: -0.1em !important; background: none !important; padding: 0 !important; } </style> <link rel='stylesheet' id='wp-components-css' href='https://sucuri.net/wp-includes/css/dist/components/style.min.css?ver=6.6.2' type='text/css' media='all' /> <link rel='stylesheet' id='wp-preferences-css' href='https://sucuri.net/wp-includes/css/dist/preferences/style.min.css?ver=6.6.2' type='text/css' media='all' /> <link rel='stylesheet' id='wp-block-editor-css' href='https://sucuri.net/wp-includes/css/dist/block-editor/style.min.css?ver=6.6.2' type='text/css' media='all' /> <link rel='stylesheet' id='wp-reusable-blocks-css' href='https://sucuri.net/wp-includes/css/dist/reusable-blocks/style.min.css?ver=6.6.2' type='text/css' media='all' /> <link rel='stylesheet' id='wp-patterns-css' href='https://sucuri.net/wp-includes/css/dist/patterns/style.min.css?ver=6.6.2' type='text/css' media='all' /> <link rel='stylesheet' id='wp-editor-css' href='https://sucuri.net/wp-includes/css/dist/editor/style.min.css?ver=6.6.2' type='text/css' media='all' /> <link rel='stylesheet' id='sucuri_framework-cgb-style-css-css' href='https://sucuri.net/wp-content/mu-plugins/sucuri-framework/dist/blocks.style.build.css?ver=1645707241' type='text/css' media='all' /> <style id='classic-theme-styles-inline-css' type='text/css'> /*! This file is auto-generated */ .wp-block-button__link{color:#fff;background-color:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none} </style> <style id='global-styles-inline-css' type='text/css'> :root{--wp--preset--aspect-ratio--square: 1;--wp--preset--aspect-ratio--4-3: 4/3;--wp--preset--aspect-ratio--3-4: 3/4;--wp--preset--aspect-ratio--3-2: 3/2;--wp--preset--aspect-ratio--2-3: 2/3;--wp--preset--aspect-ratio--16-9: 16/9;--wp--preset--aspect-ratio--9-16: 9/16;--wp--preset--color--black: #000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #fff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--color--green: #12A94B;--wp--preset--color--secondary-green: #41BA6E;--wp--preset--color--tertiary-green: #94D8AD;--wp--preset--color--blue: #2188AB;--wp--preset--color--secondary-blue: #6EB1C8;--wp--preset--color--tertiary-blue: #9AC9D8;--wp--preset--color--teal: #2D7A6D;--wp--preset--color--secondary-teal: #76A8A0;--wp--preset--color--tertiary-teal: A0C3BD;--wp--preset--color--darkblue: #0E406A;--wp--preset--color--secondary-darkblue: #61829D;--wp--preset--color--tertiary-dark-blue: #91A8BB;--wp--preset--color--red: #EA3232;--wp--preset--color--secondary-red: #F17070;--wp--preset--color--tertiary-red: #F5A2A2;--wp--preset--color--yellow: #F6DA23;--wp--preset--color--secondary-yellow: #F9E66F;--wp--preset--color--tertiary-yellow: #FAEE9B;--wp--preset--color--gray: #5D5D5D;--wp--preset--color--secondary-gray: #959595;--wp--preset--color--tertiary-gray: #B5B5B5;--wp--preset--color--form-gray: #D3D3D3;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradient(135deg,rgba(252,185,0,1) 0%,rgba(255,105,0,1) 100%);--wp--preset--gradient--luminous-vivid-orange-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--wp--preset--gradient--luminous-dusk: linear-gradient(135deg,rgb(255,203,112) 0%,rgb(199,81,192) 50%,rgb(65,88,208) 100%);--wp--preset--gradient--pale-ocean: linear-gradient(135deg,rgb(255,245,203) 0%,rgb(182,227,212) 50%,rgb(51,167,181) 100%);--wp--preset--gradient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--preset--shadow--natural: 6px 6px 9px rgba(0, 0, 0, 0.2);--wp--preset--shadow--deep: 12px 12px 50px rgba(0, 0, 0, 0.4);--wp--preset--shadow--sharp: 6px 6px 0px rgba(0, 0, 0, 0.2);--wp--preset--shadow--outlined: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flex{display: flex;}.is-layout-flex{flex-wrap: wrap;align-items: center;}.is-layout-flex > :is(*, div){margin: 0;}body .is-layout-grid{display: grid;}.is-layout-grid > :is(*, div){margin: 0;}:where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-color{color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-color{color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-color{color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-color{color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-color{color: var(--wp--preset--color--vivid-purple) !important;}.has-black-background-color{background-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important;}.has-pale-pink-background-color{background-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-background-color{background-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-background-color{background-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-background-color{background-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-background-color{background-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-background-color{background-color: var(--wp--preset--color--vivid-purple) !important;}.has-black-border-color{border-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-border-color{border-color: var(--wp--preset--color--white) !important;}.has-pale-pink-border-color{border-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-border-color{border-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-border-color{border-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-border-color{border-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-border-color{border-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-border-color{border-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-border-color{border-color: var(--wp--preset--color--vivid-purple) !important;}.has-vivid-cyan-blue-to-vivid-purple-gradient-background{background: var(--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple) !important;}.has-light-green-cyan-to-vivid-green-cyan-gradient-background{background: var(--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan) !important;}.has-luminous-vivid-amber-to-luminous-vivid-orange-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange) !important;}.has-luminous-vivid-orange-to-vivid-red-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-orange-to-vivid-red) !important;}.has-very-light-gray-to-cyan-bluish-gray-gradient-background{background: var(--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray) !important;}.has-cool-to-warm-spectrum-gradient-background{background: var(--wp--preset--gradient--cool-to-warm-spectrum) !important;}.has-blush-light-purple-gradient-background{background: var(--wp--preset--gradient--blush-light-purple) !important;}.has-blush-bordeaux-gradient-background{background: var(--wp--preset--gradient--blush-bordeaux) !important;}.has-luminous-dusk-gradient-background{background: var(--wp--preset--gradient--luminous-dusk) !important;}.has-pale-ocean-gradient-background{background: var(--wp--preset--gradient--pale-ocean) !important;}.has-electric-grass-gradient-background{background: var(--wp--preset--gradient--electric-grass) !important;}.has-midnight-gradient-background{background: var(--wp--preset--gradient--midnight) !important;}.has-small-font-size{font-size: var(--wp--preset--font-size--small) !important;}.has-medium-font-size{font-size: var(--wp--preset--font-size--medium) !important;}.has-large-font-size{font-size: var(--wp--preset--font-size--large) !important;}.has-x-large-font-size{font-size: var(--wp--preset--font-size--x-large) !important;} :where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;} :where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;} :root :where(.wp-block-pullquote){font-size: 1.5em;line-height: 1.6;} </style> <link rel='stylesheet' id='slick-css-css' href='https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.css?ver=6.6.2' type='text/css' media='all' /> <link rel='stylesheet' id='sucuriwp-style-css' href='https://sucuri.net/wp-content/themes/sucuriwp/style.css?ver=6.6.2' type='text/css' media='all' /> <link rel='stylesheet' id='sucuriwp-theme-css' href='https://sucuri.net/wp-content/themes/sucuriwp/css/style.css?ver=1731466407' type='text/css' media='all' /> <link rel='stylesheet' id='elementor-frontend-css' href='https://sucuri.net/wp-content/uploads/elementor/css/custom-frontend.min.css?ver=1731961065' type='text/css' media='all' /> <link rel='stylesheet' id='widget-image-css' href='https://sucuri.net/wp-content/plugins/elementor/assets/css/widget-image.min.css?ver=3.25.4' type='text/css' media='all' /> <link rel='stylesheet' id='widget-nav-menu-css' href='https://sucuri.net/wp-content/uploads/elementor/css/custom-pro-widget-nav-menu.min.css?ver=1731961065' type='text/css' media='all' /> <link rel='stylesheet' id='swiper-css' href='https://sucuri.net/wp-content/plugins/elementor/assets/lib/swiper/css/swiper.min.css?ver=5.3.6' type='text/css' media='all' /> <link rel='stylesheet' id='e-swiper-css' href='https://sucuri.net/wp-content/plugins/elementor/assets/css/conditionals/e-swiper.min.css?ver=3.25.4' type='text/css' media='all' /> <link rel='stylesheet' id='elementor-post-8778-css' href='https://sucuri.net/wp-content/uploads/elementor/css/post-8778.css?ver=1731961065' type='text/css' media='all' /> <link rel='stylesheet' id='e-popup-style-css' href='https://sucuri.net/wp-content/plugins/elementor-pro/assets/css/conditionals/popup.min.css?ver=3.25.2' type='text/css' media='all' /> <link rel='stylesheet' id='widget-heading-css' href='https://sucuri.net/wp-content/plugins/elementor/assets/css/widget-heading.min.css?ver=3.25.4' type='text/css' media='all' /> <link rel='stylesheet' id='widget-text-editor-css' href='https://sucuri.net/wp-content/plugins/elementor/assets/css/widget-text-editor.min.css?ver=3.25.4' type='text/css' media='all' /> <link rel='stylesheet' id='widget-menu-anchor-css' href='https://sucuri.net/wp-content/plugins/elementor/assets/css/widget-menu-anchor.min.css?ver=3.25.4' type='text/css' media='all' /> <link rel='stylesheet' id='widget-video-css' href='https://sucuri.net/wp-content/plugins/elementor/assets/css/widget-video.min.css?ver=3.25.4' type='text/css' media='all' /> <link rel='stylesheet' id='elementor-post-10226-css' href='https://sucuri.net/wp-content/uploads/elementor/css/post-10226.css?ver=1731962711' type='text/css' media='all' /> <link rel='stylesheet' id='elementor-post-10522-css' href='https://sucuri.net/wp-content/uploads/elementor/css/post-10522.css?ver=1731961666' type='text/css' media='all' /> <link rel='stylesheet' id='elementor-post-10539-css' href='https://sucuri.net/wp-content/uploads/elementor/css/post-10539.css?ver=1731961065' type='text/css' media='all' /> <link rel='stylesheet' id='google-fonts-1-css' href='https://fonts.googleapis.com/css?family=Open+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CTitillium+Web%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=swap&ver=6.6.2' type='text/css' media='all' /> <link rel="preconnect" href="https://fonts.gstatic.com/" crossorigin><script type="text/javascript" src="https://sucuri.net/wp-includes/js/jquery/jquery.min.js?ver=3.7.1" id="jquery-core-js"></script> <script type="text/javascript" src="https://sucuri.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1" id="jquery-migrate-js"></script> <link rel="https://api.w.org/" href="https://sucuri.net/wp-json/" /><link rel="alternate" title="JSON" type="application/json" href="https://sucuri.net/wp-json/wp/v2/guides/10226" /><link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://sucuri.net/xmlrpc.php?rsd" /> <link rel='shortlink' href='https://sucuri.net/?p=10226' /> <link rel="alternate" title="oEmbed (JSON)" type="application/json+oembed" href="https://sucuri.net/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fsucuri.net%2Fguides%2Fhow-to-clean-hacked-wordpress%2F" /> <link rel="alternate" title="oEmbed (XML)" type="text/xml+oembed" href="https://sucuri.net/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fsucuri.net%2Fguides%2Fhow-to-clean-hacked-wordpress%2F&format=xml" /> <script type='text/javascript'>/*<![CDATA[*/(function(n,d,c){d.setTime(d.getTime()+2592000000);c=(new RegExp('[?&]'+n+'=([^&#]*)','i')).exec(window.location.search);if(c=c?c[1]:null)document.cookie=n+'='+c+';expires='+d.toUTCString()+';domain=.sucuri.net;path=/';})('cjevent',new Date());/*]]>*/</script><script src="https://tags.tiqcdn.com/utag/gpl/sucuri/prod/utag.sync.js"></script><script type="application/ld+json"> { "@context": "https://schema.org", "@type": "FAQPage", "mainEntity": [{ "@type": "Question", "name": "How do WordPress sites get hacked?", "acceptedAnswer": { "@type": "Answer", "text": "Attackers often target known vulnerabilities in the WordPress CMS, plugins and themes to hack websites and gain unauthorized access. Hackers use a variety of tactics to obtain access to insecure login points. Many attacks are automated and may include brute force, XSS, man in the middle or even social engineering." } }, { "@type": "Question", "name": "How do I scan WordPress plugins for malware?", "acceptedAnswer": { "@type": "Answer", "text": "You can use <a href='https://sitecheck.sucuri.net/'>SiteCheck</a> to scan your WordPress site for malware, indicators of compromise, and blacklisting for free. We highly recommend updating all WP plugins regularly and that you remove all plugins that are not being actively used. Sucuri also offers a website scanning and malware detection platform to help you identify and remove any malware." } }, { "@type": "Question", "name": "How do I find malicious code in WordPress?", "acceptedAnswer": { "@type": "Answer", "text": "You can use <a href='https://sitecheck.sucuri.net/'>SiteCheck</a> to scan your WordPress site for malware, indicators of compromise, and blacklisting for free. We highly recommend checking core WordPress file integrity, diagnostic pages, and recently modified files. Sucuri provides website malware cleanup and removal if you need help cleaning up a hacked WordPress site." } }, { "@type": "Question", "name": "How do I protect my WordPress site from malware?", "acceptedAnswer": { "@type": "Answer", "text": "You can secure your WordPress website by following security best practices and hardening techniques, keepings your CMS, plugins, themes and other components updated with the latest security patches, enforcing strong password requirements and using a <a href='https://sucuri.net/website-firewall/wordpress-firewall/'>WordPress firewall</a>." } }] } </script> <html> <head> <title>How to Remove Malware & Fix a Hacked WordPress Site</title> </head> <body> <script type="application/ld+json"> { "@context": "http://schema.org", "@type": "HowTo", "name": "How to Remove Malware & Fix a Hacked WordPress Site", "description": "If your WordPress site gets hacked - don’t panic. Follow this step-by-step guide to find and remove malware, spam, and other hacks to fix your WordPress site.", "image": { "@type": "ImageObject", "url": "https://sucuri.net/images/2018/18-sucuri-guide-how-to-clean-hacked-wordpress-guide-step-image-2@2.png", "height": "282", "width": "507" }, "step": [ { "@type": "HowToStep", "url": "https://sucuri.net/guides/how-to-clean-hacked-wordpress/#1-1", "name": "Find and identify a WordPress hack", "itemListElement": [{ "@type": "HowToDirection", "text": "Scan your WordPress site: The first step to removing malware from your WordPress site is to identify the type of hack. This will help you narrow down the infection to make it easier to find." }, { "@type": "HowToDirection", "text": "Check core WordPress file integrity: WordPress installations are made up of many core files that stay consistent between versions. Most core files within WordPress should never be modified. There are core files located within the webroot, along with the wp-includes and wp-admin directories. An integrity check will need to be performed to ensure that no core files have been maliciously modified." }, { "@type": "HowToDirection", "text": "New or recently modified files may be part of the hack. There are many ways to check recently modified files, like reviewing cPanel or SSH." }, { "@type": "HowToDirection", "text": "Check Google diagnostic pages: If your WordPress site has been blocklisted by Google or other website security authorities, you can use their diagnostic tools to check the security status of your website." }] }, { "@type": "HowToStep", "name": "Remove malware from your WordPress site and database", "url": "https://sucuri.net/guides/how-to-clean-hacked-wordpress#2-1", "itemListElement": [{ "@type": "HowToTip", "text": "Clean hacked WordPress files: WordPress is made up of many files and folders that all work together to create a functional website. Most of these files are core files, which are consistent across installations of the same version. If the infection is in your core files, you can fix the malware manually by downloading a fresh installation from the official WordPress site and replacing each compromised file with clean copies. Just don’t overwrite your wp-config.php file or wp-content folder and be sure to make a full backup beforehand." }, { "@type": "HowToDirection", "text": "Clean hacked database tables: To remove a malware infection from your WordPress database, use your database admin panel to connect to the database. You can also use tools like PHPMyAdmin or Adminer." }, { "@type": "HowToDirection", "text": "Secure WordPress user accounts: Attackers will often create malicious admin users and/or FTP users to gain access back into your site at a later date, so it’s vital to review user account access through every possible entry point into your site. If a WordPress site becomes infected and is cleaned but the malicious admin/FTP users remain, the site will quickly become reinfected." }, { "@type": "HowToDirection", "text": "Remove hidden backdoors in your WordPress site: Hackers always leave a way to get back into your site. More often than not, we find multiple backdoors of various types in hacked WordPress sites. We regularly find backdoors embedded in files named similar to WordPress core files but located in the wrong directories. Attackers can also inject backdoors into files like wp-config.php and directories like wp-content/themes, wp-content/plugins, and wp-content/uploads." }, { "@type": "HowToDirection", "text": "Remove malware warnings: If you were blocklisted by Google, McAfee, Yandex (or any other vendor), you can request a review after your WordPress site has been cleaned and the hack has been fixed. You will need to fill in a review request form for each blocklisting authority." }] }, { "@type": "HowToStep", "name": "Protect your WordPress site from future hacks", "url": "https://sucuri.net/guides/how-to-clean-hacked-wordpress#3-1", "itemListElement": [{ "@type": "HowToDirection", "text": "Update out-of-date software: Outdated software is one of the leading causes of infections. This includes the WordPress version, plugins, themes, and any other pieces of software installed on the site. Critical vulnerability patches are released often by plugin and theme authors and it is crucial to stay up to date on the latest updates." }, { "@type": "HowToDirection", "text": "Change user passwords: It is critical that you change passwords for all access points to your WordPress site. This includes WordPress user accounts, FTP/SFTP, SSH, cPanel, and your database." }, { "@type": "HowToDirection", "text": "Harden your WordPress site: To harden a server or application means that you take steps to reduce the attack surface or entry points for attackers. There are countless ways to harden your website. Check out these recommendations to protect and defend your WordPress site against malware and attacks." }, { "@type": "HowToTip", "text": "Schedule regular backups for your WordPress site: Backups function as a safety net. Now that your WordPress site is clean and you’ve taken some important post-hack steps, make a backup! Having a good backup strategy is at the core of a good security posture." }, { "@type": "HowToDirection", "text": "Use a website firewall: The number of vulnerabilities exploited by attackers grows every day. Trying to keep up is challenging for administrators. Website Firewalls were invented to provide a perimeter defense system surrounding your WordPress site." }] } ] } </script> </body> </html> <meta name="generator" content="performance-lab 3.5.1; plugins: "> <meta name="generator" content="Elementor 3.25.4; features: e_font_icon_svg, additional_custom_breakpoints, e_optimized_control_loading; settings: css_print_method-external, google_font-enabled, font_display-swap"> <style type="text/css">.recentcomments a{display:inline !important;padding:0 !important;margin:0 !important;}</style> <style> .e-con.e-parent:nth-of-type(n+4):not(.e-lazyloaded):not(.e-no-lazyload), .e-con.e-parent:nth-of-type(n+4):not(.e-lazyloaded):not(.e-no-lazyload) * { background-image: none !important; } @media screen and (max-height: 1024px) { .e-con.e-parent:nth-of-type(n+3):not(.e-lazyloaded):not(.e-no-lazyload), .e-con.e-parent:nth-of-type(n+3):not(.e-lazyloaded):not(.e-no-lazyload) * { background-image: none !important; } } @media screen and (max-height: 640px) { .e-con.e-parent:nth-of-type(n+2):not(.e-lazyloaded):not(.e-no-lazyload), .e-con.e-parent:nth-of-type(n+2):not(.e-lazyloaded):not(.e-no-lazyload) * { background-image: none !important; } } </style> <link rel="icon" href="https://sucuri.net/wp-content/uploads/2022/02/cropped-Sucuri_FavIcon_512x512-1-32x32.png" sizes="32x32" /> <link rel="icon" href="https://sucuri.net/wp-content/uploads/2022/02/cropped-Sucuri_FavIcon_512x512-1-192x192.png" sizes="192x192" /> <link rel="apple-touch-icon" href="https://sucuri.net/wp-content/uploads/2022/02/cropped-Sucuri_FavIcon_512x512-1-180x180.png" /> <meta name="msapplication-TileImage" content="https://sucuri.net/wp-content/uploads/2022/02/cropped-Sucuri_FavIcon_512x512-1-270x270.png" /> <style type="text/css" id="wp-custom-css"> a{ color: #028673; } .sucuri-widget-hero-internal-revamp-section.parent .wrapper{ justify-content: flex-end; } p.priceText.spacerContentNeg { padding-top: 0px; } .btn-primary{ color: #fff; background-color: #028673; border-color: #028673; } .hero-nav{ z-index: 99 !important; } .cookie-policy-banner p { color: #028673 !important; } #no-underline p a{ text-decoration: none !important; } body, a:visited, p, select, textarea{ font-size: 16px; } .elementor-widget-text-editor ol, .elementor-widget-text-editor ul { margin-left: 0; padding-left: revert; } footer li a:hover{ color: #26ba9e !important; } .elementor-widget-text-editor .elementor-widget-container h1{ font-weight: 700 !important; font-size: 50px !important; line-height: 50px !important; margin-bottom: 50px !important; font-family: "Titillium Web", Sans-serif; } .elementor-widget-text-editor .elementor-widget-container h2{ font-weight: 700 !important; font-size: 25px !important; line-height: 25px !important; margin-bottom: 25px !important; } .elementor-widget-text-editor .elementor-widget-container h3{ font-weight: 700 !important; font-size: 23px !important; line-height: 24px !important; margin-bottom: 25px !important; } .elementor-widget-text-editor .elementor-widget-container h4{ font-weight: 700; font-size: 20px !important; line-height: 23px !important; margin-bottom: 25px !important; } .elementor-widget-text-editor .elementor-widget-container h5{ font-weight: 700 !important; font-size: 18px !important; line-height: 23px !important; margin-bottom: 25px !important; } .elementor-widget-text-editor .elementor-widget-container h6{ font-weight: 700 !important; font-size: 16px !important; line-height: 23px !important; margin-bottom: 25px !important; } .guides-template-default.single.single-guides .elementor-widget-container h1{ font-weight: 700 !important; font-size: 64px !important; line-height: 64px !important; margin-bottom: 100px !important; font-family: "Titillium Web", Sans-serif; } .guides-template-default.single.single-guides .elementor-widget-container h2{ font-weight: 700 !important; font-size: 50px !important; line-height: 1 !important; margin-top: 50px !important; margin-bottom: 15px !important; font-family: "Titillium Web", Sans-serif; } .guides-template-default.single.single-guides .archive .elementor-widget-container h2{ margin-bottom: 25px !important; } .guides-template-default.single.single-guides .elementor-widget-container h3{ font-weight: 600 !important; font-size: 25px !important; line-height: 25px !important; margin-top: 30px !important; margin-bottom: 10px !important; } .guides-template-default.single.single-guides .elementor-widget-container h4{ font-weight: 500; font-size: 20px; line-height: 24px; margin-top: 25px; } .guides-template-default.single.single-guides .elementor-widget-container h5{ font-weight: 500 !important; font-size: 18px !important; line-height: 23px !important; margin-top: 20px !important; } .guides-template-default.single.single-guides .elementor-widget-container h6{ font-weight: 500 !important; font-size: 16px !important; line-height: 23px !important; margin-top: 15px !important; } .header-b .top-nav-wrapper .nav-bar.ua-lg .u-attack { background-color: #028673; } /*custom css*/ /*hero nav in double line when screen is small*/ .hero-nav__list{ flex-wrap: nowrap } .sucuri-widget-sub-nav.fixed{ top:90px !important; } .responsive-table{ overflow-x: auto; } .table_breakdown{ width: unset; min-width: 1080px; } .home .hero-nav{ top: 90px !important; } .sucuri-widget-table-content .linkContainer{ height: auto !important; } /* .guides-template-default.single.single-guides h1{ font-family: "Titillium Web" !important; font-size: 64px !important; font-weight: 700; margin-bottom: 100px !important; } .guides-template-default.single.single-guides h2{ font-family: "Titillium Web" !important; font-weight: 700 !important; font-size: 25px !important; line-height: 25px !important; margin-bottom: 25px !important; } .guides-template-default.single.single-guides h3{ font-family: "Open Sans" !important; font-weight: 700 !important; font-size: 23px !important; line-height: 24px !important; margin-bottom: 25px !important; } .guides-template-default.single.single-guides h4{ font-family: "Open Sans" !important; font-size: 22px !important; font-weight: 700 !important; margin-bottom: 30px !important; } .guides-template-default.single.single-guides h5{ font-family: "Open Sans" !important; font-size: 21px !important; font-weight: 700 !important; margin-bottom: 20px !important; } .guides-template-default.single.single-guides h6{ font-family: "Open Sans" !important; font-size: 18px !important; font-weight: 400 !important; margin-bottom: 20px !important; } */ .hero-nav__list { padding-left: 10px; } @media (min-width: 1200px){ .v2-subnav { height: auto; } } .v2-subnav { height: auto !important; } .sucuri-widget-sub-nav.fixed{ z-index: 1 !important; } .sucuri-widget-sub-nav ul li a{ font-size: 12px; } .sucuri-widget-card-plans .card-plans-container .card-plans-list #card-plans-list-single.background-important .card-plans-single .absolute-footer .card-sub-button p a{ color: #fff; } .sucuri-widget-brands-banner .sucuri-widget-brands-banner-internal .imgContainer.fiveRow{ padding-left:20px; padding-right:20px; } .sucuri-widget-faq-content h2{ font-weight: 700 !important; } /* chat bubble colors */ .chat-widget-wrapper .phone-banner { background-color: #26ba9e; } .chat-widget-wrapper .chat-widget-container { background-color: #028673; } .chat-widget-wrapper .chat-widget-container .chat-widget-avatar { background-color: #26ba9e; border: 4px solid #26ba9e; } /* footer custom css */ @media (min-width: 1400px) { footer .container { max-width: 1140px; padding: 0; } } .footer-b hr { width: 97%; display: block; margin: 0 auto; margin-top: 3rem; margin-bottom: 1rem; } /* custom css for hero nav menu list */ @media(min-width: 992px){ .header-b .top-nav-wrapper .nav-bar.pro-sol{ margin-left: 3rem; } } @media(min-width: 1400px){ .hero-nav__list{ max-width: 1300px; } .sucuri-widget-sub-nav ul{ max-width: 1300px; } } @media(min-width: 1920px){ .hero-nav__list{ max-width: 1140px; } .sucuri-widget-sub-nav ul{ max-width: 1300px !important; } } .v2-subnav .hero-nav__item a{ padding-left: 5px; padding-right: 10px; font-size: 10px; font-weight: 400; } .sucuri-widget-sub-nav ul li a{ font-weight: 400; font-size: 10px !important; padding-right:30px; } @media(min-width: 992px){ .v2-subnav .hero-nav__item a{ padding-left: 20px; } } @media(min-width: 1440px){ .v2-subnav .hero-nav__item a{ padding-left: 20px; padding-right: 20px; font-size: 12px; } .sucuri-widget-sub-nav ul li a{ font-size: 12px !important; } } @media(min-width: 1920px){ .v2-subnav .hero-nav__item a{ padding-left: 0px; } .sucuri-widget-sub-nav ul li a{ padding-left: 0 !important; } } /* custom css for nav content */ .elementor-widget.elementor-widget-text-editor a{ text-decoration: none !important; } .elementor-widget.elementor-widget-text-editor h4{ font-weight: 700; } .sucuri-widget-nav-content ul li a{ padding: 20px 12px !important; font-size: 14px; } /* cards */ .archive.post-type-archive .elementor-post__card .elementor-post__title{ font-size: 20px !important; } .archive.post-type-archive .elementor-post__card .elementor-post__title{ margin-top: 0px !important; } .archive.post-type-archive .elementor-post__card .elementor-post__title a{ font-size: 20px !important; line-height: 1.4 !important; } /* FAQ CONTENT */ .sucuri-widget-faq-content .faq-content-single p span{ display:block; padding-left:20px; } .sucuri-widget-faq-content .faq-content-single p span:first-child{ padding-top:10px } .sucuri-widget-faq-content .faq-content-single > ul > li input[type=checkbox]{ height: auto !important; } .sucuri-widget-faq-content .faq-content-single h4{ font-size: 18px !important; margin-top: 0px !important; margin-bottom: 0px !important; font-weight: 700 !important; } pre code{ padding: 0px; } article.post{ box-shadow: 0 0 10px 0 rgba(0,0,0,.15); border-radius: 8px; overflow: hidden; } article.post .post-content{ padding: 20px; } article.post .post-content .post-title{ color: #028673; font-family: "Titillium Web", Sans-serif; font-size: 20px; font-weight: 700; } .container-grid-layout{ display: flex; grid-template-columns: repeat(3, 1fr); grid-template-rows: repeat(auto-fit, minmax(200px, 1fr)); grid-auto-rows: 200px; grid-auto-flow: row dense; grid-gap: 14px; /* padding: 10px; */ box-sizing: border-box; padding-right: 15px; grid-template-rows: 160px 170px 0px; flex-direction: column; } .container-grid-layout .frame-1x1{ grid-column: span 1; grid-row: span 1; } .container-grid-layout .frame-1x2{ grid-column: span 1; grid-row: span 2; } .container-grid-layout .frame-2x1 { grid-column: span 2; grid-row: span 2; } @media(min-width: 768px){ .container-grid-layout{ display: grid; grid-template-columns: repeat(3, 1fr); grid-template-rows: repeat(auto-fit, minmax(200px, 1fr)); grid-auto-rows:200px; grid-auto-flow:row dense; grid-gap: 14px; /* padding: 10px; */ box-sizing:border-box; padding-right: 15px; grid-template-rows: 107px 113px 0px; flex-direction: column; } } @media(min-width: 992px){ .container-grid-layout{ grid-template-rows: 145px 145px 0px; } } @media(min-width: 1440px){ .container-grid-layout{ grid-template-rows: 160px 170px 0px; } } .container-grid-third{ display: flex; grid-template-columns: 1fr; place-items: start; padding: 0px; padding-right: 10px; grid-template-columns: 1fr 1fr 1fr; grid-gap: 8px; margin-bottom: 10px; flex-direction: column; flex-wrap: nowrap; align-content: center; } .container-grid-third .post{ width: calc(100% - 5px); position: relative; height: 0; width: calc(100% - 5px); position: relative; background-repeat: no-repeat; background-position: 50% 50%; background-size: cover; display: flex; flex-direction: column; justify-content: space-between; } .container-grid-third .frame-1x1{ padding-bottom: calc(48% - 5px); grid-row: span 2 / auto; } .container-grid-third .frame-1x2{ padding-bottom: calc(130% - 5px); grid-row: span 3 / auto; } @media(min-width: 768px){ .container-grid-third{ display: grid; grid-template-columns: 1fr; place-items: start; padding: 0px; padding-right: 10px; grid-template-columns: 1fr 1fr 1fr; grid-gap: 8px; margin-bottom: 10px; } .container-grid-third .frame-1x1{ padding-bottom: calc(48% - 5px); } .container-grid-third .frame-1x2{ padding-bottom: calc(250% - 5px); } } @media(min-width: 992px){ .container-grid-third .frame-1x2{ padding-bottom: calc(165% - 5px); } } @media(min-width: 1440px){ .container-grid-third .frame-1x2{ padding-bottom: calc(135% - 5px); } } .shortcodes-custom-container .box{ display: none; } .container-ad{ box-shadow: 0 0 10px 0 rgba(0,0,0,.15); border-radius: 8px; grid-column: span 1; grid-row: span 2; display: flex; flex-direction: column; flex-wrap: nowrap; align-items: center; justify-content: center; background-image: url('https://sucuri.net/wp-content/uploads/2023/07/23-sucuri-content-hub-we-are-here-to-help-bg.png'); background-position: center; background-repeat: no-repeat; background-size: cover; } .container-ad p{ margin-bottom: 0px !important; } .container-ad h2{ margin-top: 0px !important; font-family: "Titillium Web"; font-size: 50px; line-height: 1.2; } .container-ad h2, .container-ad p, .container-ad .link{ text-align: center; color: white; font-weight: 700; } .container-ad .btn{ background: #028673; color: white; margin: 0px 0 20px 0; } .elementor-widget-text-editor strong span { text-decoration: none !important; } select#post-filter-select { padding: 5px 10px; border: 1px solid #F0F1F2; box-shadow: 0 0 10px 0 rgba(0,0,0,.15); min-width: 180px; margin-right: 40px; border-radius: 7px; border-right: 10px solid transparent; } .custom-post-filter a{ background-color: #4F6CB5; color: white; padding: 7.5px 25px; border-radius: 7px; font-size: 16px; font-weight: 500; } .container-grid-third.second-option .frame-1x1{ padding-bottom: calc(82% - 5px); } /* faq section */ .sucuri-widget-faq-content .faq-content-single h4{ margin-top: 0px !important; } .sucuri-widget-faq-content-advanced .faq-content-single h4{ margin-top: 0px !important; } .sucuri-widget-faq-content-advanced .faq-content-single > ul > li input[type=checkbox]:checked ~ h4{ margin-top: 0px !important; } .sucuri-widget-faq-content h2{ margin-bottom: 50px !important; } .sucuri-widget-faq-content-advanced h4{ font-size: 25px; } /* table sign up */ .sucuri-widget-new-card-plans .sucuri-widget-platform-static-cards-widget .dropdown-content-table ul li:nth-child(2n+1) table tbody tr td svg{ max-width: 20px; } svg.e-font-icon-svg.e-fas-check-circle{ fill: #028673; } svg.e-font-icon-svg.e-fas-circle { fill: #f2f5f5; } .sucuri-widget-new-card-plans .sucuri-widget-platform-static-cards-widget .dropdown-content-table .table_breakdown tbody tr td:not(:first-child) svg{ max-width: 20px } .sucuri-widget-platform-static .dropdown-content-table .table_breakdown tbody tr td:not(:first-child) svg{ max-width: 20px } .sucuri-widget-platform-dropdown .platform-dropdown-single .dropdown-content-table .table_breakdown tbody tr td:not(:first-child) svg{ max-width: 20px } /* end table sign up */ .sucuri-widget-sub-nav.fixed{ z-index: 98 !important; } .sucuri-widget-hero-revamp-section.parent .wrapper .div2 img{ max-width: 480px; } .sucuri-widget-hero-revamp-section.parent .wrapper .div2{ margin: 0 auto; } @media(min-width: 1440px){ .sucuri-table-plans-security-three-revamp .sucuri-widget-platform-static-cards-widget .dropdown-content-table .shadow { position: absolute; top: 7px; width: 1044px; right: 20px; } } @keyframes marquee { 0% { transform: translateX(0); } 100% { transform: translateX(-50%); } } .marquee { overflow: hidden; background-color: #00BB9F; height: 31px; display: flex; align-items: center; position: relative; } .marquee-content { display: flex; width: max-content; animation: marquee 50s linear infinite; } .marquee-content div { white-space: nowrap; display: flex; align-items: center; margin-right: 20px; /* Extra Styling */ font-size: 17px; font-family: 'Titilium Web', Helvetica, Arial, sans-serif; font-weight: 500; color: #02141B; } .marquee-content div span { font-weight: 700; margin:0 4px; } </style> </head> <body class="guides-template-default single single-guides postid-10226 single-format-standard wp-custom-logo elementor-default elementor-kit-8778 elementor-page elementor-page-10226"> <script type="text/javascript">(function(a,b,c,d){a='//tags.tiqcdn.com/utag/gpl/sucuri/prod/utag.js';b=document;c='script';d=b.createElement(c);d.src=a;d.type='text/java'+c;d.async=true;a=b.getElementsByTagName(c)[0];a.parentNode.insertBefore(d,a)})();</script> <div data-elementor-type="header" data-elementor-id="10522" class="elementor elementor-10522 elementor-location-header" data-elementor-post-type="elementor_library"> <section class="elementor-section elementor-top-section elementor-element elementor-element-e6284d1 elementor-section-full_width elementor-section-height-default elementor-section-height-default" data-id="e6284d1" data-element_type="section" data-settings="{"sticky":"top","sticky_on":["desktop","tablet_extra","tablet","mobile"],"sticky_offset":0,"sticky_effects_offset":0,"sticky_anchor_link_offset":0}"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-49d7753" data-id="49d7753" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-d46c653 elementor-widget elementor-widget-html" data-id="d46c653" data-element_type="widget" data-widget_type="html.default"> <div class="elementor-widget-container"> <a href="https://sucuri.net/live-chat/"> <div class="marquee"> <div class="marquee-content"> <div>Get <span>15%</span>, <span>20%</span> or <span>30%</span> on your first year, discount on our plans just for black friday, chat now and stay safe</div> <div> <img src="https://sucuri.net/wp-content/uploads/2024/11/Offer.svg" alt="Offer"> </div> <div>Get <span>15%</span>, <span>20%</span> or <span>30%</span> on your first year, discount on our plans just for black friday, chat now and stay safe</div> <div> <img src="https://sucuri.net/wp-content/uploads/2024/11/Offer.svg" alt="Offer"> </div>  <div>Get <span>15%</span>, <span>20%</span> or <span>30%</span> on your first year, discount on our plans just for black friday, chat now and stay safe</div> <div> <img src="https://sucuri.net/wp-content/uploads/2024/11/Offer.svg" alt="Offer"> </div> <div>Get <span>15%</span>, <span>20%</span> or <span>30%</span> on your first year, discount on our plans just for black friday, chat now and stay safe</div> <div> <img src="https://sucuri.net/wp-content/uploads/2024/11/Offer.svg" alt="Offer"> </div> <div>Get <span>15%</span>, <span>20%</span> or <span>30%</span> on your first year, discount on our plans just for black friday, chat now and stay safe</div> <div> <img src="https://sucuri.net/wp-content/uploads/2024/11/Offer.svg" alt="Offer"> </div> <div>Get <span>15%</span>, <span>20%</span> or <span>30%</span> on your first year, discount on our plans just for black friday, chat now and stay safe</div> <div> <img src="https://sucuri.net/wp-content/uploads/2024/11/Offer.svg" alt="Offer"> </div> </div> </div> </a> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-5dd7eb5 elementor-section-height-min-height elementor-section-content-middle elementor-section-boxed elementor-section-height-default elementor-section-items-middle" data-id="5dd7eb5" data-element_type="section" id="header-container" data-settings="{"background_background":"classic","sticky":"top","sticky_on":["desktop","tablet_extra","tablet","mobile"],"sticky_offset":0,"sticky_effects_offset":0,"sticky_anchor_link_offset":0}"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-ff5a8e8" data-id="ff5a8e8" data-element_type="column" id="menu-column-one"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-b873b2a elementor-widget elementor-widget-theme-site-logo elementor-widget-image" data-id="b873b2a" data-element_type="widget" data-widget_type="theme-site-logo.default"> <div class="elementor-widget-container"> <a href="https://sucuri.net"> <img src="https://sucuri.net/wp-content/uploads/elementor/thumbs/Sucuri-Logo-qio221wlg9vvaaewra0jqjt8rf04jyn1vtdestgfmi.png" title="Sucuri Logo" alt="Sucuri" loading="lazy" /> </a> </div> </div> </div> </div> <div class="elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-42d43ff" data-id="42d43ff" data-element_type="column" id="menu-column-two"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-c6a03bd elementor-nav-menu__align-start elementor-nav-menu__text-align-center elementor-nav-menu--stretch elementor-widget-tablet__width-initial elementor-nav-menu--dropdown-tablet_extra elementor-nav-menu--toggle elementor-nav-menu--burger elementor-widget elementor-widget-nav-menu" data-id="c6a03bd" data-element_type="widget" id="header-main-menu" data-settings="{"submenu_icon":{"value":"<svg class=\"fa-svg-chevron-down e-font-icon-svg e-fas-chevron-down\" viewBox=\"0 0 448 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M207.029 381.476L12.686 187.132c-9.373-9.373-9.373-24.569 0-33.941l22.667-22.667c9.357-9.357 24.522-9.375 33.901-.04L224 284.505l154.745-154.021c9.379-9.335 24.544-9.317 33.901.04l22.667 22.667c9.373 9.373 9.373 24.569 0 33.941L240.971 381.476c-9.373 9.372-24.569 9.372-33.942 0z\"><\/path><\/svg>","library":"fa-solid"},"full_width":"stretch","layout":"horizontal","toggle":"burger"}" data-widget_type="nav-menu.default"> <div class="elementor-widget-container"> <nav aria-label="Menu" class="elementor-nav-menu--main elementor-nav-menu__container elementor-nav-menu--layout-horizontal e--pointer-none"> <ul id="menu-1-c6a03bd" class="elementor-nav-menu"><li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-10468"><a href="https://sucuri.net/website-security/" class="elementor-item">Products</a> <ul class="sub-menu elementor-nav-menu--dropdown"> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-10591"><a href="https://sucuri.net/website-security-platform/" class="elementor-sub-item">Website Security Platform</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-10473"><a href="https://sucuri.net/website-firewall/" class="elementor-sub-item">Website Firewall</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-10474"><a href="https://sucuri.net/custom/agency/" class="elementor-sub-item">Agency Plans</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-10589"><a href="https://sucuri.net/custom/enterprise/" class="elementor-sub-item">Custom & Enterprise Plans</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-10590"><a href="https://sucuri.net/partners/" class="elementor-sub-item">Partnerships</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-10764"><a href="https://sucuri.net/developers/" class="elementor-sub-item">Junior Dev</a></li> </ul> </li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-10530"><a href="#" class="elementor-item elementor-item-anchor">Features</a> <ul class="sub-menu elementor-nav-menu--dropdown"> <li class="double-line menu-item menu-item-type-custom menu-item-object-custom menu-item-10592"><a href="https://sucuri.net/malware-detection-scanning/" class="elementor-sub-item">Detection<small>Website Monitoring & Alerts</small></a></li> <li class="double-line menu-item menu-item-type-custom menu-item-object-custom menu-item-10593"><a href="https://sucuri.net/intrusion-detection-system/" class="elementor-sub-item">Protection<small>Future Website Hacks</small></a></li> <li class="double-line menu-item menu-item-type-custom menu-item-object-custom menu-item-10594"><a href="https://sucuri.net/website-performance/" class="elementor-sub-item">Performance<small>Speed Up Your Website</small></a></li> <li class="double-line menu-item menu-item-type-custom menu-item-object-custom menu-item-10595"><a href="https://sucuri.net/website-malware-removal/" class="elementor-sub-item">Response<small>Help For Hacked Websites</small></a></li> <li class="double-line menu-item menu-item-type-custom menu-item-object-custom menu-item-10596"><a href="https://sucuri.net/website-backups/" class="elementor-sub-item">Backups<small>Disaster Recovery Plan</small></a></li> <li class="double-line menu-item menu-item-type-custom menu-item-object-custom menu-item-10597"><a href="https://sucuri.net/ecommerce-website-security/" class="elementor-sub-item">Ecommerce<small>Security For Online Stores</small></a></li> </ul> </li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-10531"><a href="#" class="elementor-item elementor-item-anchor">Resources</a> <ul class="sub-menu elementor-nav-menu--dropdown"> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-10598"><a href="https://sucuri.net/guides/" class="elementor-sub-item">Guides</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-10599"><a href="https://sucuri.net/webinars/" class="elementor-sub-item">Webinars</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-10600"><a href="https://sucuri.net/infographics/" class="elementor-sub-item">Infographics</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-10601"><a href="https://blog.sucuri.net/" class="elementor-sub-item">Blog</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-10602"><a href="https://sitecheck.sucuri.net/" class="elementor-sub-item">SiteCheck</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-10603"><a href="https://sucuri.net/reports/" class="elementor-sub-item">Reports</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-10604"><a href="https://sucuri.net/email-courses/" class="elementor-sub-item">Email Courses</a></li> <li class="menu-item menu-item-type-post_type menu-item-object-page menu-item-11216"><a href="https://sucuri.net/ebooks/" class="elementor-sub-item">Ebooks</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-10605"><a href="https://sucuri.net/technical-hub/" class="elementor-sub-item">Technical Hub</a></li> </ul> </li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-10532"><a href="https://sucuri.net/website-security-platform/signup/" class="elementor-item">Pricing</a></li> </ul> </nav> <div class="elementor-menu-toggle" role="button" tabindex="0" aria-label="Menu Toggle" aria-expanded="false"> <svg aria-hidden="true" role="presentation" class="elementor-menu-toggle__icon--open e-font-icon-svg e-eicon-menu-bar" viewBox="0 0 1000 1000" xmlns="http://www.w3.org/2000/svg"><path d="M104 333H896C929 333 958 304 958 271S929 208 896 208H104C71 208 42 237 42 271S71 333 104 333ZM104 583H896C929 583 958 554 958 521S929 458 896 458H104C71 458 42 487 42 521S71 583 104 583ZM104 833H896C929 833 958 804 958 771S929 708 896 708H104C71 708 42 737 42 771S71 833 104 833Z"></path></svg><svg aria-hidden="true" role="presentation" class="elementor-menu-toggle__icon--close e-font-icon-svg e-eicon-close" viewBox="0 0 1000 1000" xmlns="http://www.w3.org/2000/svg"><path d="M742 167L500 408 258 167C246 154 233 150 217 150 196 150 179 158 167 167 154 179 150 196 150 212 150 229 154 242 171 254L408 500 167 742C138 771 138 800 167 829 196 858 225 858 254 829L496 587 738 829C750 842 767 846 783 846 800 846 817 842 829 829 842 817 846 804 846 783 846 767 842 750 829 737L588 500 833 258C863 229 863 200 833 171 804 137 775 137 742 167Z"></path></svg> <span class="elementor-screen-only">Menu</span> </div> <nav class="elementor-nav-menu--dropdown elementor-nav-menu__container" aria-hidden="true"> <ul id="menu-2-c6a03bd" class="elementor-nav-menu"><li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-10468"><a href="https://sucuri.net/website-security/" class="elementor-item" tabindex="-1">Products</a> <ul class="sub-menu elementor-nav-menu--dropdown"> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-10591"><a href="https://sucuri.net/website-security-platform/" class="elementor-sub-item" tabindex="-1">Website Security Platform</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-10473"><a href="https://sucuri.net/website-firewall/" class="elementor-sub-item" tabindex="-1">Website Firewall</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-10474"><a href="https://sucuri.net/custom/agency/" class="elementor-sub-item" tabindex="-1">Agency Plans</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-10589"><a href="https://sucuri.net/custom/enterprise/" class="elementor-sub-item" tabindex="-1">Custom & Enterprise Plans</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-10590"><a href="https://sucuri.net/partners/" class="elementor-sub-item" tabindex="-1">Partnerships</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-10764"><a href="https://sucuri.net/developers/" class="elementor-sub-item" tabindex="-1">Junior Dev</a></li> </ul> </li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-10530"><a href="#" class="elementor-item elementor-item-anchor" tabindex="-1">Features</a> <ul class="sub-menu elementor-nav-menu--dropdown"> <li class="double-line menu-item menu-item-type-custom menu-item-object-custom menu-item-10592"><a href="https://sucuri.net/malware-detection-scanning/" class="elementor-sub-item" tabindex="-1">Detection<small>Website Monitoring & Alerts</small></a></li> <li class="double-line menu-item menu-item-type-custom menu-item-object-custom menu-item-10593"><a href="https://sucuri.net/intrusion-detection-system/" class="elementor-sub-item" tabindex="-1">Protection<small>Future Website Hacks</small></a></li> <li class="double-line menu-item menu-item-type-custom menu-item-object-custom menu-item-10594"><a href="https://sucuri.net/website-performance/" class="elementor-sub-item" tabindex="-1">Performance<small>Speed Up Your Website</small></a></li> <li class="double-line menu-item menu-item-type-custom menu-item-object-custom menu-item-10595"><a href="https://sucuri.net/website-malware-removal/" class="elementor-sub-item" tabindex="-1">Response<small>Help For Hacked Websites</small></a></li> <li class="double-line menu-item menu-item-type-custom menu-item-object-custom menu-item-10596"><a href="https://sucuri.net/website-backups/" class="elementor-sub-item" tabindex="-1">Backups<small>Disaster Recovery Plan</small></a></li> <li class="double-line menu-item menu-item-type-custom menu-item-object-custom menu-item-10597"><a href="https://sucuri.net/ecommerce-website-security/" class="elementor-sub-item" tabindex="-1">Ecommerce<small>Security For Online Stores</small></a></li> </ul> </li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-10531"><a href="#" class="elementor-item elementor-item-anchor" tabindex="-1">Resources</a> <ul class="sub-menu elementor-nav-menu--dropdown"> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-10598"><a href="https://sucuri.net/guides/" class="elementor-sub-item" tabindex="-1">Guides</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-10599"><a href="https://sucuri.net/webinars/" class="elementor-sub-item" tabindex="-1">Webinars</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-10600"><a href="https://sucuri.net/infographics/" class="elementor-sub-item" tabindex="-1">Infographics</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-10601"><a href="https://blog.sucuri.net/" class="elementor-sub-item" tabindex="-1">Blog</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-10602"><a href="https://sitecheck.sucuri.net/" class="elementor-sub-item" tabindex="-1">SiteCheck</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-10603"><a href="https://sucuri.net/reports/" class="elementor-sub-item" tabindex="-1">Reports</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-10604"><a href="https://sucuri.net/email-courses/" class="elementor-sub-item" tabindex="-1">Email Courses</a></li> <li class="menu-item menu-item-type-post_type menu-item-object-page menu-item-11216"><a href="https://sucuri.net/ebooks/" class="elementor-sub-item" tabindex="-1">Ebooks</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-10605"><a href="https://sucuri.net/technical-hub/" class="elementor-sub-item" tabindex="-1">Technical Hub</a></li> </ul> </li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-10532"><a href="https://sucuri.net/website-security-platform/signup/" class="elementor-item" tabindex="-1">Pricing</a></li> </ul> </nav> </div> </div> </div> </div> <div class="elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-75d4b41 elementor-hidden-mobile" data-id="75d4b41" data-element_type="column" id="menu-column-three"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-aa77472 elementor-widget__width-initial elementor-widget-tablet__width-initial elementor-widget elementor-widget-html" data-id="aa77472" data-element_type="widget" data-widget_type="html.default"> <div class="elementor-widget-container"> <div class="float-right-next"> <div class="nav-bar ua-lg"> <ul class="nav"> <li> <a href="/website-security-platform/help-now/" class="mp-under-attack-button u-attack auto-track" data-gatrack="Button_Click, Top_Nav_Under_Attack">Immediate Help</a> </li> </ul> </div> <div class="nav-bar plt"> <div class="login"> <a href="https://dashboard.sucuri.net/login/" class="login mp-login-btn auto-track" data-gatrack="Button_Click, Top_Nav_Login">Login</a> <svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M16 17.667C18.7614 17.667 21 15.4284 21 12.667C21 9.90557 18.7614 7.66699 16 7.66699C13.2386 7.66699 11 9.90557 11 12.667C11 15.4284 13.2386 17.667 16 17.667Z" stroke="white" stroke-opacity="0.88" stroke-linecap="round" stroke-linejoin="round"/> <path d="M24.3333 24.3332C24.3333 20.6498 20.6016 17.6665 16 17.6665C11.3983 17.6665 7.66663 20.6498 7.66663 24.3332" stroke="white" stroke-opacity="0.88" stroke-linecap="round" stroke-linejoin="round"/> <path d="M26 1H6C3.23858 1 1 3.23858 1 6V26C1 28.7614 3.23858 31 6 31H26C28.7614 31 31 28.7614 31 26V6C31 3.23858 28.7614 1 26 1Z" stroke="#38B299" stroke-opacity="0.88" stroke-linecap="round" stroke-linejoin="round"/> </svg> <div class="login-drop-down inner-nav-bar"> <i class="pointer"></i> <div class="login-container"> <a href="https://dashboard.sucuri.net/login" class="login-btn" data-gatrack="Button_Click, Top_Nav_Login">Login</a> <div class="sign-up"> <p>New Customer? </p> <a href="/website-security-platform/signup/" style="padding: 0px">Sign up now.</a> </div> <ul> <li><a href="https://support.sucuri.net/support/?new" class="login-link">Submit a ticket</a></li> <li><a href="https://docs.sucuri.net/" class="login-link">Knowledge base</a></li> <li><a href="/live-chat/" class="login-link">Chat now</a></li> </ul> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </section> </div> <div data-elementor-type="wp-post" data-elementor-id="10226" class="elementor elementor-10226" data-elementor-post-type="guides"> <section class="elementor-section elementor-top-section elementor-element elementor-element-898812e elementor-section-stretched elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="898812e" data-element_type="section" data-settings="{"background_background":"gradient","stretch_section":"section-stretched"}"> <div class="elementor-background-overlay"></div> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-6b601a2" data-id="6b601a2" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-d3015a6 elementor-widget elementor-widget-html" data-id="d3015a6" data-element_type="widget" data-widget_type="html.default"> <div class="elementor-widget-container"> <div class="navigation-wrapper d-none d-md-flex"> <ul class="nav nav-inline breadcrumb-list p-0 c-lg-12"> <li class="nav-item"><a href="/" title="Home" class="nav-link">Home</a></li> <li class="nav-item"><a href="/guides/" title="Guides" class="nav-link">Guides</a></li> <li class="nav-item active"><a href="/guides/how-to-clean-hacked-wordpress/" title="How to Clean a Hacked WordPress Site" class="nav-link">How to Clean a Hacked WordPress Site</a></li> </ul> </div> </div> </div> <div class="elementor-element elementor-element-c6daf6f elementor-widget__width-initial elementor-widget elementor-widget-heading" data-id="c6daf6f" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h1 class="elementor-heading-title elementor-size-default">How to Remove Malware & Clean a Hacked WordPress Site</h1> </div> </div> <div class="elementor-element elementor-element-19e39f7 elementor-widget__width-initial elementor-widget elementor-widget-heading" data-id="19e39f7" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h3 class="elementor-heading-title elementor-size-medium">Steps to find and remove malicious code, SEO spam, backdoors, and other hacks from WordPress.</h3> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-dd969d3 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="dd969d3" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-66 elementor-top-column elementor-element elementor-element-290c56e" data-id="290c56e" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-87ea3a4 elementor-widget elementor-widget-heading" data-id="87ea3a4" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">Introduction</h2> </div> </div> <div class="elementor-element elementor-element-b3924cc elementor-widget elementor-widget-text-editor" data-id="b3924cc" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>Sucuri has devoted years to helping WordPress administrators identify and fix their hacked websites. We have put together this guide to walk WordPress owners through the process of identifying and cleaning a WordPress hack. This is not meant to be an all-encompassing guide, but if followed, should help address many of the infections we see.</p> </div> </div> </div> </div> <div class="elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-0b50125" data-id="0b50125" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-969f173 elementor-widget elementor-widget-heading" data-id="969f173" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <p class="elementor-heading-title elementor-size-default">Contents</p> </div> </div> <div class="elementor-element elementor-element-56bac60 elementor-widget elementor-widget-table_contents" data-id="56bac60" data-element_type="widget" data-widget_type="table_contents.default"> <div class="elementor-widget-container"> <div class="sucuri-widget-table-content"> <div class="tabs"> <div class="tab"> <input type="checkbox" id="Step 1: Find & Identify Hack"> <label class="tab-label" for="Step 1: Find & Identify Hack">Step 1: Find & Identify Hack</label> <div class="tab-content"> <ul> <li><a href="#scan-wordpress">1.1 Scan Your WordPress Site</a></li> <li><a href="#check-core-file-integrity">1.2 Check Core File Integrity</a></li> <li><a href="#check-recently-modified-files">1.3 Check Recently Modified Files</a></li> <li><a href="#check-google-diagnostics">1.4 Check Diagnostic Pages</a></li> </ul> </div> </div> </div> </div> </div> </div> <div class="elementor-element elementor-element-77eaf2d elementor-widget elementor-widget-table_contents" data-id="77eaf2d" data-element_type="widget" data-widget_type="table_contents.default"> <div class="elementor-widget-container"> <div class="sucuri-widget-table-content"> <div class="tabs"> <div class="tab"> <input type="checkbox" id="Step 2: Remove WordPress Malware"> <label class="tab-label" for="Step 2: Remove WordPress Malware">Step 2: Remove WordPress Malware</label> <div class="tab-content"> <ul> <li><a href="#clean-hacked-files">2.1 Clean Hacked Website Files</a></li> <li><a href="#clean-hacked-database">2.2 Clean Hacked Database Tables</a></li> <li><a href="#secure-user-accounts">2.3 Secure User Accounts</a></li> <li><a href="#remove-backdoors">2.4 Remove Hidden Backdoors</a></li> <li><a href="#remove-malware-warnings">2.5 Remove Malware Warnings</a></li> </ul> </div> </div> </div> </div> </div> </div> <div class="elementor-element elementor-element-d104db6 elementor-widget elementor-widget-table_contents" data-id="d104db6" data-element_type="widget" data-widget_type="table_contents.default"> <div class="elementor-widget-container"> <div class="sucuri-widget-table-content"> <div class="tabs"> <div class="tab"> <input type="checkbox" id="Step 3: Post-Hack Hardening"> <label class="tab-label" for="Step 3: Post-Hack Hardening">Step 3: Post-Hack Hardening</label> <div class="tab-content"> <ul> <li><a href="#patch-software">3.1 Patch Outdated Software</a></li> <li><a href="#change-passwords">3.2 Change Passwords</a></li> <li><a href="#harden-wordpress">3.3 Harden WordPress</a></li> <li><a href="#set-backups">3.4 Set Backups</a></li> <li><a href="#scan-computer">3.5 Scan Your Computer</a></li> <li><a href="#install-firewall">3.6 Install Firewall</a></li> </ul> </div> </div> </div> </div> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-177fd9c elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="177fd9c" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-403c6b2" data-id="403c6b2" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-3b38ad3 elementor-widget elementor-widget-menu-anchor" data-id="3b38ad3" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-widget-container"> <div class="elementor-menu-anchor" id="Step-1"></div> </div> </div> <div class="elementor-element elementor-element-188e37a elementor-widget elementor-widget-heading" data-id="188e37a" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">STEP 1</h2> </div> </div> <div class="elementor-element elementor-element-2f82375 elementor-widget elementor-widget-heading" data-id="2f82375" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">Find and identify the WordPress hack</h2> </div> </div> <div class="elementor-element elementor-element-95c638f elementor-widget elementor-widget-menu-anchor" data-id="95c638f" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-widget-container"> <div class="elementor-menu-anchor" id="scan-wordpress"></div> </div> </div> <div class="elementor-element elementor-element-351744f elementor-widget elementor-widget-heading" data-id="351744f" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h3 class="elementor-heading-title elementor-size-default">1.1 Scan your WordPress site for malware and signs of infection</h3> </div> </div> <div class="elementor-element elementor-element-f20c41e elementor-widget__width-initial elementor-widget elementor-widget-text-editor" data-id="f20c41e" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>The first step to removing malware from your WordPress site is to identify the type of hack. This will help you narrow down the infection to make it easier to find.</p><p>You can use tools that scan your site remotely to find malicious payloads and malware. For example, Sucuri has a free WordPress plugin that you can find in the official WordPress repository. You can also scan your site with tools online to find the location of malicious content and payloads.</p> </div> </div> <div class="elementor-element elementor-element-743dea6 elementor-widget__width-initial elementor-widget elementor-widget-text-editor" data-id="743dea6" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <h4>Scan WordPress for malware with Sitecheck:</h4><p>SiteCheck is a completely free option to <a href="https://sitecheck.sucuri.net/" target="_blank" rel="noopener">quickly scan your site for malware and other security issues</a>.</p><p>To get started, simply enter the URL of a website, click <b>Submit</b>, and SiteCheck will begin a remote scan of the domain’s public pages.</p> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-4747d40 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="4747d40" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-76481fc" data-id="76481fc" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-caa80fa elementor-widget elementor-widget-image" data-id="caa80fa" data-element_type="widget" data-widget_type="image.default"> <div class="elementor-widget-container"> <figure class="wp-caption"> <a href="https://sitecheck.sucuri.net/" target="_blank"> <img fetchpriority="high" decoding="async" width="640" height="162" src="https://sucuri.net/wp-content/uploads/2023/07/sitecheck_malware_scanner-768x194.png" class="attachment-medium_large size-medium_large wp-image-10366" alt="Scanning a website for malware with SiteCheck" srcset="https://sucuri.net/wp-content/uploads/2023/07/sitecheck_malware_scanner-768x194.png 768w, https://sucuri.net/wp-content/uploads/2023/07/sitecheck_malware_scanner-300x76.png 300w, https://sucuri.net/wp-content/uploads/2023/07/sitecheck_malware_scanner.png 1083w" sizes="(max-width: 640px) 100vw, 640px" /> </a> <figcaption class="widget-image-caption wp-caption-text">Enter a domain name into SiteCheck to scan for website malware and security issues. </figcaption> </figure> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-2a6863f elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="2a6863f" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-e251ccf" data-id="e251ccf" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-494edff elementor-widget elementor-widget-text-editor" data-id="494edff" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>A remote scan will browse the site to identify potential security issues on your WordPress site. Some issues may not show up in a browser. Instead, they manifest on the server (i.e., backdoors, phishing, and server-based scripts). The most comprehensive approach to scanning includes <a href="https://docs.sucuri.net/website-monitoring/server-side-scanner/">remote and server-side scanners</a>. For more detailed results, you can have Sucuri’s team <a href="https://sucuri.net/website-security-platform/signup/" target="_blank" rel="noopener noreferrer">run a server-side scan</a> of your web property.</p><p>If the remote scanner isn’t able to find a payload, continue with other tests in this section. You can also manually review the <span class="bolder">iFrames / Links / Scripts</span> tab of the <a href="https://staging.sucuri.net/malware-detection-scanning/"><span class="bolder">Malware Scan</span></a> to look for unfamiliar or suspicious elements.</p><p>If you have multiple WordPress sites on the same server, we recommend scanning them all (you can also use<strong> <a class="res-anchor" href="https://sitecheck.sucuri.net/" target="_blank" rel="noopener noreferrer">SiteCheck</a> </strong>to do this).<strong> <a class="res-anchor" href="https://blog.sucuri.net/2017/07/cross-site-contamination-and-how-to-prevent-it.html" target="_blank" rel="noopener noreferrer">Cross-site contamination</a></strong> is one of the leading causes of reinfections. We encourage every website owner to <a href="https://sucuri.net/guides/php-fpm-vps-security-for-multiple-websites/" target="_blank" rel="noopener">isolate their sites in their own hosting environments</a>.</p><h4>To scan your site for page requests:</h4><ol><li>Visit the <strong><a class="res-anchor" href="https://www.webpagetest.org/" target="_blank" rel="noopener noreferrer">WebPage Test</a></strong> website.</li><li>Enter your website and click Start Test.</li><li>Click on the waterfall result.</li><li>Review the request details.</li><li>Note any suspicious or unrecognizable requests.</li></ol><p>This external tool provides insights into what is loading on your WordPress site. From here, you can review all page requests being made when your site is loaded which can help you narrow down any malicious/unwanted domains loading on your site.</p><h4>To review external domains loading on your site:</h4><p>There are a variety of different methods available to help you review externally loading domains for your website.</p><ul><li><strong>SiteCheck: </strong>Search for any suspicious domain names with<strong> <a class="res-anchor" href="https://sitecheck.sucuri.net/" target="_blank" rel="noopener noreferrer">SiteCheck</a></strong> to see if they are being blocklisted.</li><li><strong>Google:</strong> Search for Google results for a domain name using site:example.com within Google, then review the results. If you do not trust the domain, do not click on these results; simply review them to see if they might be related to your site’s code. (Example: Domains used by plugin authors, theme authors, etc.)</li><li><strong>URLScan.io:</strong> Search for URL results with<strong> <a class="res-anchor" href="https://urlscan.io/" target="_blank" rel="noopener noreferrer">URLScan.io</a></strong> to obtain a plethora of information about a site. You’ll be able to see where the site is hosted, what the requests are doing, and the overall behavior of the site without accessing it directly.</li><li><strong>VirusTotal:</strong> Search for results of a domain with VirusTotal, a free blocklist vendor checker. Results will be shown for the following items.<ul><li><strong>Detection:</strong> Check a website blocklist status from 70+ vendors</li><li><strong>Details:</strong> View the history and HTTP response from a site.</li><li><strong>Links:</strong> Review any outgoing links.</li><li><strong>Community:</strong> Review comments from the public about the safety of a site.</li></ul></li></ul> </div> </div> <div class="elementor-element elementor-element-27df168 elementor-widget elementor-widget-alert_sucuri" data-id="27df168" data-element_type="widget" data-widget_type="alert_sucuri.default"> <div class="elementor-widget-container"> <div class="sucuri-widget-alert-sucuri type-2"> <div class="alert-sucuri-flex green-bg"> <div class="right-content"> <div class="headingContent"> <p class="headingTitle"><p>Pro Tip</p></p> </div> <div class="descriptionContent"> <p>If you do not recognize a domain name loading on your site and would like to research it, refrain from visiting the domain directly. Instead, perform the tips listed below to mitigate risk.</p> </div> </div> </div> </div> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-317f470 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="317f470" data-element_type="section" data-settings="{"background_background":"gradient"}"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-c6a8df5" data-id="c6a8df5" data-element_type="column" data-settings="{"background_background":"classic"}"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-8f01bef elementor-widget elementor-widget-heading" data-id="8f01bef" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">Need help cleaning up malware from WordPress?</h2> </div> </div> <div class="elementor-element elementor-element-ecbe9f4 elementor-widget elementor-widget-text-editor" data-id="ecbe9f4" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p style="text-align: center;">Our professional incident response team can have your WordPress site cleaned quickly. We’re here for you 24/7/365!</p> </div> </div> <div class="elementor-element elementor-element-ebe9131 elementor-align-center elementor-mobile-align-left elementor-widget elementor-widget-button" data-id="ebe9131" data-element_type="widget" data-gatrack="Button_Click, WP_Guide_Get_Immediate_Help" data-widget_type="button.default"> <div class="elementor-widget-container"> <div class="elementor-button-wrapper"> <a class="elementor-button elementor-button-link elementor-size-sm" href="https://sucuri.net/website-security-platform/help-now/"> <span class="elementor-button-content-wrapper"> <span class="elementor-button-text">Get Immediate Help</span> </span> </a> </div> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-ad492bb elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="ad492bb" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-42ff3d3" data-id="42ff3d3" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-bfdbc64 elementor-widget elementor-widget-menu-anchor" data-id="bfdbc64" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-widget-container"> <div class="elementor-menu-anchor" id="check-core-file-integrity"></div> </div> </div> <div class="elementor-element elementor-element-85ad7a9 elementor-widget elementor-widget-heading" data-id="85ad7a9" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h3 class="elementor-heading-title elementor-size-default">1.2 Check core WordPress file integrity</h3> </div> </div> <div class="elementor-element elementor-element-90f256f elementor-widget elementor-widget-text-editor" data-id="90f256f" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>WordPress installations are made up of many core files that stay consistent between versions. Most core files within WordPress should never be modified. There are core files located within the webroot, along with the wp-includes and wp-admin directories. An integrity check will need to be performed to ensure that no core files have been maliciously modified.</p><p>There are a few different ways to manually check if core files have been modified on a CMS based website.</p><h4>How to compare two text files with Diffchecker:</h4><ol><li class=" typeid2">Visit the <strong><a class="res-anchor" href="https://www.diffchecker.com/" target="_blank" rel="noopener noreferrer">Diffchecker</a></strong> website.</li><li class="typeid2">Paste the clean core file text in the Original Text box.</li><li class="typeid2">Paste the modified core file text in the Changed Text box.</li><li class="typeid2">Select the Find Difference button towards the bottom.</li><li class="typeid2">Compare the differences in text.</li><li class="typeid2">Note down any suspicious code differences.</li></ol><p>If you notice modifications to your core file, it may be infected. Continue checking more core files as others may have also been infected. If nothing has been modified, your core files are clean.</p><h4>How to compare two files via SSH:</h4><ol><li>Log into your server via SSH.</li><li>Within a test directory, paste the clean core file text into a test .txt file.</li><li>Within the same test directory, paste the modified core file text into a new test .txt file.</li><li>Run the following command:<pre><code>$ diff test1.txt test2.txt</code></pre></li><li>If there are modifications, this file may be hacked.</li></ol><p>Sometimes, minor changes to these files may not indicate a hack — this is rare but can happen. However, obfuscated code in a core file is an indicator that there may be something malicious located there. Obfuscated code is written in such a way that requires decoding to understand, and is often used by attackers when trying to hide their malicious code.</p><p>If you come across obfuscated code in your files, here are some tools to help decode the content:</p><ul><li class="typeid2"><strong><a class="res-anchor" href="https://www.base64decode.org/" target="_blank" rel="noopener noreferrer">Base64 Decode:</a></strong> Decodes base64 encoded strings.</li><li class="typeid2"><strong><a class="res-anchor" href="https://www.unphp.net/" target="_blank" rel="noopener noreferrer">UnPHP:</a></strong> Decodes obfuscated malicious PHP code.</li><li class="typeid2"><strong><a class="res-anchor" href="https://charcode98.neocities.org/" target="_blank" rel="noopener noreferrer">CharCode Translator:</a></strong> Decodes CharCode.</li><li class="typeid2"><strong><a class="res-anchor" href="https://onlinephp.io/" target="_blank" rel="noopener noreferrer">OnlinePHP.io:</a></strong> Decodes and tests PHP co</li><li class="typeid2"><strong><a class="res-anchor" href="https://matthewfl.com/unPacker.html" target="_blank" rel="noopener noreferrer">UnPacker:</a></strong> Unpacks messy code.</li></ul> </div> </div> <div class="elementor-element elementor-element-169bc33 elementor-widget elementor-widget-menu-anchor" data-id="169bc33" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-widget-container"> <div class="elementor-menu-anchor" id="check-recently-modified-files"></div> </div> </div> <div class="elementor-element elementor-element-f073b67 elementor-widget elementor-widget-heading" data-id="f073b67" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h3 class="elementor-heading-title elementor-size-default">1.3 Check for recently modified files</h3> </div> </div> <div class="elementor-element elementor-element-0a5ea9e elementor-widget elementor-widget-text-editor" data-id="0a5ea9e" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>New or recently modified files may be part of the hack. There are many ways to check recently modified files, like reviewing cPanel or SSH.</p><h4>How to check recently modified files via SSH with the ls command:</h4><ol><li>Log into your server via SSH and navigate to your site’s home directory.</li><li>Run the following command:<pre><code>$ ls -1tlah | head -10</code></pre></li><li>Review the most recently modified files, starting at the top.</li></ol><h4>How to check recently modified files via SSH with the find command:</h4><ol><li>Log into your server via SSH and navigate to your site’s home directory.</li><li>Run the following command:<pre><code>$ find . -type f -mtime -90</code></pre></li><li>Results will show an output with files that were modified within the last 90 days.</li><li>Review these files. Unfamiliar modifications within the last 90 days may be suspicious.</li></ol><h4>How to check recently modified files from cPanel:</h4><ol><li>Log into cPanel and navigate to <strong>File Manager.</strong></li><li>Navigate to your site’s home directory and click <strong>Last Modified.</strong></li><li>View files with recently modified dates, starting at the top.</li></ol><h4>How to check recently modified files with Filezilla:</h4><ol><li>Open the FileZilla client and connect to your website through FTP, FTPs, or sFTP.</li><li>In the top menu go to View and then select <strong>Filename filters…</strong></li><li>On the popup menu, select <strong>Edit filter rules…</strong></li><li>Select <strong>New</strong> to create a new filter.</li><li>Name your new filter how you will remember it, such as <strong>Date Filter</strong></li><li>Add the filter criteria. For <strong>Filter conditions:</strong> select <strong>Filter out items matching none of the following.</strong></li><li>Select <strong>Date</strong> from the first drop down and enter the date that matches what you are looking for in the format “YYYY-MM-DD”. Uncheck the box that says <strong>Directories</strong> and select <strong>OK.</strong><br />For example: If today is January 15th, 2022, and you want to find files that were modified within the last 15 days, you would put <strong>2022-01-01</strong> in the textbox.</li><li>Check the box next to your newly created filter, select Apply, and then select OK to close the window.</li></ol><p>This will filter out all files that were not modified within the last 15 days and will allow you to quickly look through each directory to see what was recently modified while searching for malware.</p><p>You will need to follow these steps to change the filter dates or start a new search.</p> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-34b52dc elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="34b52dc" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-1692c3b" data-id="1692c3b" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-07165ab elementor-widget elementor-widget-menu-anchor" data-id="07165ab" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-widget-container"> <div class="elementor-menu-anchor" id="check-google-diagnostics"></div> </div> </div> <div class="elementor-element elementor-element-d11fa49 elementor-widget elementor-widget-heading" data-id="d11fa49" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h3 class="elementor-heading-title elementor-size-default">1.4 Check Google diagnostic pages for warnings</h3> </div> </div> <div class="elementor-element elementor-element-874094b elementor-widget elementor-widget-text-editor" data-id="874094b" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>If your WordPress website has been hacked and <strong><a class="res-anchor" href="https://sucuri.net/guides/what-is-google-blocklist/" target="_blank" rel="noopener noreferrer">blocklisted by Google</a> </strong>or other website security authorities, you can use their diagnostic tools to check the security status of your website.</p><h4>How to check your Google Transparency Report:</h4><ol><li>Visit the <strong><a class="res-anchor" href="https://transparencyreport.google.com/safe-browsing/search" target="_blank" rel="noopener noreferrer">Safe Browsing Site Status</a></strong> website.</li><li>Enter your site URL and search.</li><li>On this page you can check:<ul><li><strong>Site Safety Details:</strong> Information about malicious redirects, spam and downloads.</li><li><strong>Testing Details:</strong> Most recent Google scan that found malware.</li></ul></li></ol><p>If you have added your site to any free webmaster tools, you can check their security ratings and reports for your website. If you do not already have accounts for these free monitoring tools, we highly recommend that you sign up:</p><ul><li><strong><a class="res-anchor" href="https://search.google.com/search-console/welcome?hl=en" target="_blank" rel="noopener noreferrer">Google Webmasters Central</a></strong></li><li><strong><a class="res-anchor" href="https://www.bing.com/toolbox/webmaster" target="_blank" rel="noopener noreferrer">Bing Webmaster Tools</a></strong></li><li><strong><a class="res-anchor" href="https://webmaster.yandex.com/" target="_blank" rel="noopener noreferrer">Yandex Webmaster</a></strong></li><li><strong><a class="res-anchor" href="https://safeweb.norton.com/" target="_blank" rel="noopener noreferrer">Norton SafeWeb</a></strong></li></ul><p>If your website is listed on any major blocklisting vendors, you can use VirusTotal to analyze the issue.</p><h4>How to check your website on VirusTotal:</h4><ol><li>Visit the<strong> <a class="res-anchor" href="https://www.virustotal.com/gui/home/upload" target="_blank" rel="noopener noreferrer">VirusTotal</a> </strong>website</li><li>Click the URL tab, enter your site URL, and search</li><li>On this page you can check:<ul><li><strong>Detection:</strong> Check a website blocklist status from 70+ vendors.</li><li><strong>Details:</strong> View the history and HTTP response from your site.</li><li><strong>Links</strong>: Review any outgoing links.</li><li><strong>Community:</strong> Review comments from the public about the safety of your site.</li></ul></li></ol> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-94dd1a2 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="94dd1a2" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-8c0229f" data-id="8c0229f" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-6220250 elementor-widget elementor-widget-menu-anchor" data-id="6220250" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-widget-container"> <div class="elementor-menu-anchor" id="Step-2"></div> </div> </div> <div class="elementor-element elementor-element-8a39d17 elementor-widget elementor-widget-heading" data-id="8a39d17" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">STEP 2</h2> </div> </div> <div class="elementor-element elementor-element-d4aabbd elementor-widget elementor-widget-heading" data-id="d4aabbd" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">Remove malware from your WordPress site and database</h2> </div> </div> <div class="elementor-element elementor-element-cbc4d7b elementor-widget elementor-widget-text-editor" data-id="cbc4d7b" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>Now that you know how to identify the location of malicious content, you can remove malware and have a clean working WordPress site again.</p><p>The steps listed below require access to the WordPress file structure and database. You will need access via sFTP/FTP/SSH to view your file structure, along with database credentials to access your database. <strong>Be sure to make a full website backup prior to proceed with these steps!</strong> <br /><br />If you are not familiar with manipulating database tables or editing PHP, please seek assistance from a professional Incident Response Team member who can <a href="https://sucuri.net/website-malware-removal/" target="_blank" rel="noopener">completely remove website malware</a> for you.</p> </div> </div> <div class="elementor-element elementor-element-4c5beb5 elementor-widget elementor-widget-alert_sucuri" data-id="4c5beb5" data-element_type="widget" data-widget_type="alert_sucuri.default"> <div class="elementor-widget-container"> <div class="sucuri-widget-alert-sucuri type-2"> <div class="alert-sucuri-flex green-bg"> <div class="right-content"> <div class="headingContent"> <p class="headingTitle"><p>Pro Tip</p></p> </div> <div class="descriptionContent"> <p>The best way to remove malware and identify hacked files in WordPress is by comparing the current state of the site with an old and known to be clean backup. If a backup is available, you can use that to compare the two versions and identify what has been modified. A restore may be the fastest option to get your site functional again.</p> </div> </div> </div> </div> </div> </div> <div class="elementor-element elementor-element-007474f elementor-widget elementor-widget-menu-anchor" data-id="007474f" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-widget-container"> <div class="elementor-menu-anchor" id="clean-hacked-files"></div> </div> </div> <div class="elementor-element elementor-element-fb2ac1e elementor-widget elementor-widget-heading" data-id="fb2ac1e" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h3 class="elementor-heading-title elementor-size-default">2.1 Clean hacked WordPress files</h3> </div> </div> <div class="elementor-element elementor-element-984d371 elementor-widget elementor-widget-text-editor" data-id="984d371" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>WordPress is made up of many files and folders that all work together to create a functional website. Most of these files are core files, which are consistent across installations of the same version.</p><p>If the infection is in your core files, you can fix the malware manually by downloading a fresh installation from the <strong><a href="https://wordpress.org/download/releases/" target="_blank" rel="noopener">official WordPress site</a></strong> and replacing each compromised file with clean copies. Just don’t overwrite your <strong>wp-config.php</strong> file or <strong>wp-content folder</strong> and ensure you have a working backup beforehand!</p><h4>How to clean hacked WordPress core files:</h4><ol><li>Note down the version of your WordPress site by viewing the file wp-includes/version.php.</li><li>Navigate to the official <strong><a href="https://wordpress.org/download/releases/" target="_blank" rel="noopener">WordPress site</a></strong> and download the version that matches your wp-includes/version.php file.</li><li>Extract the WordPress installation on your computer.</li><li>Log into your file structure either through sFTP/FTP or through your hosting account.</li><li>Replace each infected core file with a clean copy.</li></ol><h4>How to manually clean hacked WordPress plugin and theme files:</h4><ol><li>Download a clean plugin/theme copy from a working backup, or from the official WordPress site.</li><li>Extract the plugin/theme copy on your computer.</li><li>Log into your file structure either through sFTP/FTP or through your hosting account.</li><li>Replace the applicable plugin/theme folder within ./wp-content/plugins or ./wp-content/themes with the clean copy.</li><li>Open any custom or premium files (not in the official repository) with a text editor.</li><li>Remove any suspicious code from the custom files.</li><li>Test to verify the site is still operational after changes.</li></ol> </div> </div> <div class="elementor-element elementor-element-1c0e858 elementor-widget elementor-widget-alert_sucuri" data-id="1c0e858" data-element_type="widget" data-widget_type="alert_sucuri.default"> <div class="elementor-widget-container"> <div class="sucuri-widget-alert-sucuri type-3"> <div class="alert-sucuri-flex yellow-bg"> <div class="right-content"> <div class="headingContent"> <p class="headingTitle"><p>Important</p></p> </div> <div class="descriptionContent"> <p>Restore a plugin or theme from a clean backup if they have been customized in any way to avoid erasing any changes you have made.</p> </div> </div> </div> </div> </div> </div> <div class="elementor-element elementor-element-cbe4a8c elementor-widget elementor-widget-text-editor" data-id="cbe4a8c" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <h4>How to clean a hacked WordPress plugin through the dashboard:</h4><ol><li>Log into your WordPress dashboard and navigate to the Installed Plugins section underneath Plugins.</li><li>Deactivate and delete the applicable plugins.</li><li>Install & activate each plugin from the dashboard or upload a clean copy from a working backup.</li></ol> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-61dc875 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="61dc875" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-8c51e17" data-id="8c51e17" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-8e889b7 elementor-widget elementor-widget-alert_sucuri" data-id="8e889b7" data-element_type="widget" data-widget_type="alert_sucuri.default"> <div class="elementor-widget-container"> <div class="sucuri-widget-alert-sucuri type-4"> <div class="alert-sucuri-flex red-bg"> <div class="right-content"> <div class="headingContent"> <p class="headingTitle"><p>Caution</p></p> </div> <div class="descriptionContent"> <p>Do not replace any content within the wp-content directory or replace the <strong>wp-config.php</strong> file.</p> </div> </div> </div> </div> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-79ecb1b elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="79ecb1b" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-0573e3e" data-id="0573e3e" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-3226ead elementor-widget elementor-widget-menu-anchor" data-id="3226ead" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-widget-container"> <div class="elementor-menu-anchor" id="clean-hacked-database"></div> </div> </div> <div class="elementor-element elementor-element-f8cf378 elementor-widget elementor-widget-heading" data-id="f8cf378" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h3 class="elementor-heading-title elementor-size-default">2.2 Clean hacked database tables</h3> </div> </div> <div class="elementor-element elementor-element-e992243 elementor-widget elementor-widget-text-editor" data-id="e992243" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>To remove a malware infection from your WordPress database, use your database admin panel to connect to the database. You can also use tools like PHPMyAdmin or Adminer.</p><h4>How to manually remove a malware infection from your WordPress database:</h4><ol><li>Log into your database admin panel.</li><li>Make a backup of the database before making changes.</li><li>Search for suspicious content (i.e., spammy keywords, malicious links).</li><li>Open the row that contains suspicious content.</li><li>Manually remove any suspicious content.</li><li>Test to verify the site is still operational after changes.</li><li>Remove any database access tools you may have uploaded.</li></ol><p>Beginners can use the payload information provided by the malware scanner. Intermediate users can also manually look for common malicious PHP functions, such as eval, <strong>base64_decode, gzinflate, preg_replace, str_replace, etc.</strong></p><p>You may notice that your website was hacked on a certain date and unrecognizable spam posts were injected into your site. This may occur if an administrator’s password becomes compromised.</p> </div> </div> <div class="elementor-element elementor-element-00f3f4f elementor-widget elementor-widget-image" data-id="00f3f4f" data-element_type="widget" data-widget_type="image.default"> <div class="elementor-widget-container"> <img decoding="async" width="640" height="313" src="https://sucuri.net/wp-content/uploads/2023/07/18-sucuri-a-hacked-wordpress-database-example-768x375.png" class="attachment-medium_large size-medium_large wp-image-10368" alt="" srcset="https://sucuri.net/wp-content/uploads/2023/07/18-sucuri-a-hacked-wordpress-database-example-768x375.png 768w, https://sucuri.net/wp-content/uploads/2023/07/18-sucuri-a-hacked-wordpress-database-example-300x146.png 300w, https://sucuri.net/wp-content/uploads/2023/07/18-sucuri-a-hacked-wordpress-database-example.png 820w" sizes="(max-width: 640px) 100vw, 640px" /> </div> </div> <div class="elementor-element elementor-element-5ccad66 elementor-widget elementor-widget-alert_sucuri" data-id="5ccad66" data-element_type="widget" data-widget_type="alert_sucuri.default"> <div class="elementor-widget-container"> <div class="sucuri-widget-alert-sucuri type-4"> <div class="alert-sucuri-flex red-bg"> <div class="right-content"> <div class="headingContent"> <p class="headingTitle"><p>Caution</p></p> </div> <div class="descriptionContent"> <p>Note that these functions are also used by plugins for legitimate reasons, so be sure you test changes or get help so you <strong>do not accidentally break your site</strong>. When dealing with database records, the data may not always be plainly simple to replace especially if its in the wp_options table.</p> </div> </div> </div> </div> </div> </div> <div class="elementor-element elementor-element-1e4389a elementor-widget elementor-widget-text-editor" data-id="1e4389a" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <h4>How to move WordPress posts to the trash after a certain date:</h4><ol><li>Log into your database admin panel.</li><li>Make a backup of the database before making changes.</li><li>Navigate to SQL Command at the top left.</li><li>Note down your WordPress database prefix. wp_ is most commonly used.</li><li>Note down what date the spam posts started.</li><li>Run the following SQL Command:<br /><br /><p><code>UPDATE `wp_posts` SET `post_status` = ‘trash’ WHERE `post_status` = ‘publish’ AND `post_type` = ‘post’ AND `post_date` > ‘2023/03/08’; <br /></code></p></li></ol> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-97c844f elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="97c844f" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-1e18a5a" data-id="1e18a5a" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-9a04fff elementor-widget elementor-widget-alert_sucuri" data-id="9a04fff" data-element_type="widget" data-widget_type="alert_sucuri.default"> <div class="elementor-widget-container"> <div class="sucuri-widget-alert-sucuri type-3"> <div class="alert-sucuri-flex yellow-bg"> <div class="right-content"> <div class="headingContent"> <p class="headingTitle"><p>Important</p></p> </div> <div class="descriptionContent"> <p>Make sure to replace the date in the SQL command above with the date applicable to when you noticed the spam posts started. In the example above, it will remove all posts that have a date of March 9th, 2023 and younger.</p><p>Also ensure that you match the format of the date with how your dashboard is displayed, which can be found at the top right of your posts section.</p> </div> </div> </div> </div> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-546929f elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="546929f" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-dba4dda" data-id="dba4dda" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-a8628e7 elementor-widget elementor-widget-menu-anchor" data-id="a8628e7" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-widget-container"> <div class="elementor-menu-anchor" id="secure-user-accounts"></div> </div> </div> <div class="elementor-element elementor-element-b6de944 elementor-widget elementor-widget-heading" data-id="b6de944" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h3 class="elementor-heading-title elementor-size-default">2.3 Secure WordPress user accounts</h3> </div> </div> <div class="elementor-element elementor-element-0bb5371 elementor-widget elementor-widget-text-editor" data-id="0bb5371" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>Attackers will often create malicious admin users and/or FTP users to gain access back into your site at a later date, so it’s vital to review user account access through every possible entry point into your site. If a WordPress site becomes infected and is cleaned but the malicious admin/FTP users remain, the site will quickly become reinfected.</p><p>Remove any users you do not recognize so the hackers no longer have access, including:</p><ul><li>FTP Users</li><li>SSH Users</li><li>WordPress Admin</li><li>Users</li><li>Additional Database Users</li></ul><h4>How to manually remove suspicious users from WordPress:</h4><ol><li>Backup your site and database before proceeding.</li><li>Log into WordPress as an admin and click <strong>Users</strong>.</li><li>Find the suspicious new user accounts.</li><li>Hover over the suspicious user and click <strong>Delete</strong>.</li></ol><p>If a user has content associated with it, you will be prompted with the option to keep or remove any associated content. It is recommended that you keep the content and manage it afterwards to avoid any unintentional data loss.</p><p>If you believe any of your user accounts were compromised you can reset their passwords. One of the ways to do that is using the<strong> <a href="https://sucuri.net/wordpress-security-plugin/">Sucuri WordPress plugin</a></strong>.</p><p>We recommend assigning only one admin user and setting other user roles to the least amount of privileges needed (ie. contributor, author, editor).</p> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-0ceac14 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="0ceac14" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-a49575e" data-id="a49575e" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-62b952f elementor-widget elementor-widget-alert_sucuri" data-id="62b952f" data-element_type="widget" data-widget_type="alert_sucuri.default"> <div class="elementor-widget-container"> <div class="sucuri-widget-alert-sucuri type-1"> <div class="alert-sucuri-flex blue-bg"> <div class="right-content"> <div class="headingContent"> <p class="headingTitle"><p>Note</p></p> </div> <div class="descriptionContent"> <p>Certain malware infections will add malicious email accounts if available on a hosting platform. (For example, the <a href="https://sucuri.net/guides/anonymousfox-hack-guide/" target="_blank" rel="noopener">Anonymous Fox</a> infection.) Log into your hosting account and view the Email Accounts if applicable. Remove any users you do not recognize.</p> </div> </div> </div> </div> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-3a3f2d2 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="3a3f2d2" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2e6b8d8" data-id="2e6b8d8" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-9d018a9 elementor-widget elementor-widget-menu-anchor" data-id="9d018a9" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-widget-container"> <div class="elementor-menu-anchor" id="remove-backdoors"></div> </div> </div> <div class="elementor-element elementor-element-667ce42 elementor-widget elementor-widget-heading" data-id="667ce42" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h3 class="elementor-heading-title elementor-size-default">2.4 Remove hidden backdoors in your WordPress site</h3> </div> </div> <div class="elementor-element elementor-element-2cf4410 elementor-widget elementor-widget-text-editor" data-id="2cf4410" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <div class="elementor-element elementor-element-ed6dc62 elementor-widget elementor-widget-text-editor" data-id="ed6dc62" data-element_type="widget" data-widget_type="text-editor.default"><div class="elementor-widget-container"><p>Hackers always leave a way to get back into your site. More often than not, we find multiple backdoors of various types in hacked WordPress sites.</p><p>We regularly find backdoors embedded in files named similar to WordPress core files but located in the wrong directories. Attackers can also inject backdoors into files like wp-config.php and directories like wp-content/themes, wp-content/plugins, and wp-content/uploads.</p><h4>Backdoors commonly include the following PHP functions:</h4><ul><li>base64</li><li>str_rot13</li><li>gzuncompress</li><li>eval</li><li>exec</li><li>system</li><li>assert</li><li>stripslashes</li><li>reg_replace (with /e/)</li><li>move_uploaded_file</li></ul><p>These functions can also be used legitimately by plugins, so be sure to test any changes because you could break your site by removing benign functions or by not removing all of the malicious code.</p><p>The majority of malicious code we see in WordPress sites uses some form of encoding to prevent detection. Aside from premium components that use encoding to protect their authentication mechanism, it’s very rare to see encoding in the official WordPress repository.</p><p>It is critical that all backdoors are closed to successfully stop a WordPress hack, otherwise your site will be reinfected quickly.</p></div></div> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-fa97b41 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="fa97b41" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-798b418" data-id="798b418" data-element_type="column"> <div class="elementor-widget-wrap"> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-78b02c3 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="78b02c3" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-9688aee" data-id="9688aee" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-3287fb0 elementor-widget elementor-widget-menu-anchor" data-id="3287fb0" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-widget-container"> <div class="elementor-menu-anchor" id="remove-malware-warnings"></div> </div> </div> <div class="elementor-element elementor-element-11c030f elementor-widget elementor-widget-heading" data-id="11c030f" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h3 class="elementor-heading-title elementor-size-default">2.5 Remove malware warnings</h3> </div> </div> <div class="elementor-element elementor-element-05b1cd9 elementor-widget elementor-widget-text-editor" data-id="05b1cd9" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <div data-id="ed6dc62" data-element_type="widget" data-widget_type="text-editor.default"><div><div data-id="b7b4fb9" data-element_type="widget" data-widget_type="text-editor.default"><div><p>If you were <a href="https://sucuri.net/guides/how-to-remove-google-blocklist-warning/" target="_blank" rel="noopener">blocklisted by Google</a>, McAfee, Yandex (or any other vendor), you can request a review after your WordPress site has been cleaned and the hack has been fixed. You will need to fill in a review request form for each blocklisting authority.</p></div></div></div></div> </div> </div> <div class="elementor-element elementor-element-3408aac elementor-widget elementor-widget-image" data-id="3408aac" data-element_type="widget" data-widget_type="image.default"> <div class="elementor-widget-container"> <figure class="wp-caption"> <img decoding="async" width="640" height="194" src="https://sucuri.net/wp-content/uploads/2023/07/Deceptive-site-ahead-768x233.png" class="attachment-medium_large size-medium_large wp-image-10369" alt="Example of chrome warning for deceptive website" srcset="https://sucuri.net/wp-content/uploads/2023/07/Deceptive-site-ahead-768x233.png 768w, https://sucuri.net/wp-content/uploads/2023/07/Deceptive-site-ahead-300x91.png 300w, https://sucuri.net/wp-content/uploads/2023/07/Deceptive-site-ahead.png 1400w" sizes="(max-width: 640px) 100vw, 640px" /> <figcaption class="widget-image-caption wp-caption-text">Example of Chrome warning for phishing infected website. </figcaption> </figure> </div> </div> <div class="elementor-element elementor-element-b5a66e7 elementor-widget elementor-widget-text-editor" data-id="b5a66e7" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <div data-id="ed6dc62" data-element_type="widget" data-widget_type="text-editor.default"><div><div data-id="910fbc3" data-element_type="widget" data-widget_type="text-editor.default"><div><h4>How to remove malware warnings for your site:</h4><ol><li>Call your hosting company and ask them to remove the suspension if your website has been suspended by your hosting provider. You may need to provide details about how you removed the malware.</li><li>Fill in a review request form for each blocklisting authority. We’ve created useful guides on how to <a href="https://sucuri.net/guides/how-to-remove-google-blocklist-warning/" target="_blank" rel="noopener">remove Google warnings</a> or <a href="https://sucuri.net/guides/how-to-remove-mcafee-siteadvisor-blocklist-warning/" target="_blank" rel="noopener">fix McAfee SiteAdvisor warnings</a>, but you may also need to check other popular search authorities like Bing, Norton, or Yandex.</li></ol></div></div></div></div> </div> </div> <div class="elementor-element elementor-element-42dfb4a elementor-widget elementor-widget-alert_sucuri" data-id="42dfb4a" data-element_type="widget" data-widget_type="alert_sucuri.default"> <div class="elementor-widget-container"> <div class="sucuri-widget-alert-sucuri type-2"> <div class="alert-sucuri-flex green-bg"> <div class="right-content"> <div class="headingContent"> <p class="headingTitle"><p>Need help?</p></p> </div> <div class="descriptionContent"> <p>The<strong> <a href="https://sucuri.net/website-security-platform/signup/">Sucuri Website Security Platform</a></strong> submits blocklist and malware warning removal requests on your behalf. This helps ensure your site is absolutely ready for review.</p> </div> </div> </div> </div> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-b88a7d3 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="b88a7d3" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-62498c8" data-id="62498c8" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-a5c0b73 elementor-widget elementor-widget-menu-anchor" data-id="a5c0b73" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-widget-container"> <div class="elementor-menu-anchor" id="Step-3"></div> </div> </div> <div class="elementor-element elementor-element-2e9a94f elementor-widget elementor-widget-heading" data-id="2e9a94f" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">STEP 3</h2> </div> </div> <div class="elementor-element elementor-element-53c08ba elementor-widget elementor-widget-heading" data-id="53c08ba" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">Protect your WordPress site from future hacks</h2> </div> </div> <div class="elementor-element elementor-element-9afdc45 elementor-widget elementor-widget-text-editor" data-id="9afdc45" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> In this final step, you will learn how to fix the issues that caused your WordPress to be hacked in the first place. You will also perform essential steps<strong><a class="res-anchor" href="https://sucuri.net/guides/wordpress-security/" rel="noopener noreferrer"> to enhance the security of your WordPress site</strong>.</a> </div> </div> <div class="elementor-element elementor-element-b9ae1d2 elementor-widget elementor-widget-menu-anchor" data-id="b9ae1d2" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-widget-container"> <div class="elementor-menu-anchor" id="patch-software"></div> </div> </div> <div class="elementor-element elementor-element-6e4feb9 elementor-widget elementor-widget-heading" data-id="6e4feb9" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h3 class="elementor-heading-title elementor-size-default">3.1 Patch out-of-date software</h3> </div> </div> <div class="elementor-element elementor-element-807181b elementor-widget elementor-widget-text-editor" data-id="807181b" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>Outdated software is one of the leading causes of infections. This includes the WordPress version, plugins, themes, and any other pieces of software installed on the site. Critical vulnerability patches are released often by plugin and theme authors and it is crucial to stay up to date on the latest updates.</p><p>Update all software on your server (i.e., Apache, cPanel, PHP) to ensure that there are no security patches missing.</p><p>This includes:</p><ul><li>Out of date plugins</li><li>Out of date themes</li><li>Apache version</li><li>PHP version</li><li>WHM/cPanel version</li><li>WordPress version</li></ul><p>It is advisable to reinstall all plugins and extensions after a hack to ensure they are functional and free of residual malware.</p> </div> </div> <div class="elementor-element elementor-element-c9c05e9 elementor-widget elementor-widget-alert_sucuri" data-id="c9c05e9" data-element_type="widget" data-widget_type="alert_sucuri.default"> <div class="elementor-widget-container"> <div class="sucuri-widget-alert-sucuri type-2"> <div class="alert-sucuri-flex green-bg"> <div class="right-content"> <div class="headingContent"> <p class="headingTitle"><p>Pro Tip</p></p> </div> <div class="descriptionContent"> <p>Create a working backup before updating software, as sometimes incompatible software updates can break your site.</p> </div> </div> </div> </div> </div> </div> <div class="elementor-element elementor-element-010f16b elementor-widget elementor-widget-text-editor" data-id="010f16b" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <h4>How to update out of date software through the WordPress Dashboard:</h4><ol><li>Log into your WordPress dashboard and hover over Dashboard at the top left, then select Updates.</li><li>Update all plugins and themes.</li><li>Update your WordPress version, if applicable.</li><li>You can reinstall the WordPress version from this page to replace all core files if needed.</li></ol><h4>How to update plugins & themes manually:</h4><ol><li>Log into your server via SFTP or SSH.</li><li>Manually remove and replace plugins and themes with copies from official sources.</li><li>Log into WordPress as an admin and click <strong>Dashboard > Updates</strong>.</li><li>Apply any missing updates.</li><li>Open your website to verify it is operational.</li></ol><h4>Remove unused software</h4><p>Tidy up your environment by removing any pieces of software that are not in use. This creates fewer entry points for attackers and keeps things clean and tidy.</p><p>Before removing any items, ensure that you are removing software that is not needed for the functionality of your website. Make sure to have a working backup that you can restore from before removing any unused software.</p><p><strong>Review and remove the following:</strong></p><ul><li>Unused plugins</li><li>Unused themes</li><li>Database management tools</li></ul> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-8a78e86 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="8a78e86" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2c28b54" data-id="2c28b54" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-c42367d elementor-widget elementor-widget-alert_sucuri" data-id="c42367d" data-element_type="widget" data-widget_type="alert_sucuri.default"> <div class="elementor-widget-container"> <div class="sucuri-widget-alert-sucuri type-2"> <div class="alert-sucuri-flex green-bg"> <div class="right-content"> <div class="headingContent"> <p class="headingTitle"><p>Pro Tip</p></p> </div> <div class="descriptionContent"> <p>You can deactivate a plugin or theme first and test the functionality of your website before deleting unused software.</p> </div> </div> </div> </div> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-df2dcb6 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="df2dcb6" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ae2ad26" data-id="ae2ad26" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-dabdeed elementor-widget elementor-widget-menu-anchor" data-id="dabdeed" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-widget-container"> <div class="elementor-menu-anchor" id="change-passwords"></div> </div> </div> <div class="elementor-element elementor-element-242fd79 elementor-widget elementor-widget-heading" data-id="242fd79" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h3 class="elementor-heading-title elementor-size-default">3.2 Change user passwords to prevent reinfection</h3> </div> </div> <div class="elementor-element elementor-element-e3c3ea0 elementor-widget elementor-widget-text-editor" data-id="e3c3ea0" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>It is critical that you change passwords for all access points to your WordPress site. This includes WordPress user accounts, FTP/SFTP, SSH, cPanel, and your database.</p><p>You should reduce the number of admin accounts for all of your systems to the absolute minimum. Practice the concept of<strong> <a class="res-anchor" href="https://blog.sucuri.net/2017/04/the-principle-of-least-privilege.html" target="_blank" rel="noopener noreferrer">least privilege</a></strong>. Only give people the access they require to do the job they need for just as long as they need it.</p><p>All accounts should use strong passwords. A good password is built around three components – complexity, length, and uniqueness. You can generate a secure password with<strong> <a class="res-anchor" href="https://passwordsgenerator.net/" target="_blank" rel="noopener noreferrer">Passwords Generator</a></strong> and utilize a password manager to keep track of your passwords.</p><h4>Generate new secret keys</h4><p>Once the passwords are reset, you can force all users to log off using our plugin. WordPress uses browser cookies to keep user sessions active for two weeks. If an attacker has a session cookie, they will retain access to the website even after a password is reset.</p><p>To fix this, we recommend forcing active users off by <a href="https://blog.sucuri.net/2023/06/what-are-wordpress-salts-security-keys.html" target="_blank" rel="noopener">resetting WordPress secret keys.</a></p><h5>How to generate new secret keys in the wp-config.php file using Sucuri:</h5><ol><li>Open the WordPress<strong> wp-config.php</strong> file.</li><li>Add a value of 60+ unique characters for each key and salt.</li><li>You can use a <strong><a class="res-anchor" href="https://api.wordpress.org/secret-key/1.1/salt/" target="_blank" rel="noopener noreferrer">secret key generator</a></strong>.</li><li>Save the <strong>wp-config.php</strong> file.</li></ol> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-33f484b elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="33f484b" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-3ed9b27" data-id="3ed9b27" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-92e25d4 elementor-widget elementor-widget-menu-anchor" data-id="92e25d4" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-widget-container"> <div class="elementor-menu-anchor" id="harden-wordpress"></div> </div> </div> <div class="elementor-element elementor-element-bef4e4f elementor-widget elementor-widget-heading" data-id="bef4e4f" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h3 class="elementor-heading-title elementor-size-default">3.3 Harden your WordPress site</h3> </div> </div> <div class="elementor-element elementor-element-41ca950 elementor-widget elementor-widget-text-editor" data-id="41ca950" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>To harden a server or application means that you take steps to reduce the attack surface or entry points for attackers.</p><p>There are countless ways to harden your website. Check out these recommendations to protect and defend your WordPress site against malware and attacks.</p><h5>Reduce the number of entry points</h5><p>Only allow the public to access parts of your website that are intended for public usage. Deny entry to all other sections of your site with server configuration rules or a web application firewall.</p><h5>Keep your website & server updated</h5><div>Out of date software is one of the leading causes of infection and reinfection. Be sure to stay on top of software and server updates to better protect your site.</div><h5>Use secure passwords and multi-factor authentication</h5><div>Use long, secure, and random passwords for FTP and administrative access. Restrict access to administrative panels by requiring multi-factor authentication.</div><h5>Isolate your website</h5><div><strong><a class="res-anchor" href="https://blog.sucuri.net/2020/01/what-is-cross-site-contamination.html" target="_blank" rel="noopener noreferrer">Cross contamination</a> </strong>is a leading cause of infections & reinfections. We recommend isolating each website into their own hosting plan to avoid malware from spreading. It only takes one compromised admin password to infect each site if housed on the same hosting plan.</div><h5>To minimize the chances of cross contamination, follow the steps below:</h5><ul><li>Backup and remove unused websites.</li><li>Migrate each website into their own isolated hosting plan.</li><li>Use a dedicated user for each website. This allows only the dedicated user to access, modify, and delete files of the site it is assigned to.</li></ul><p>You can also review our <a href="https://blog.sucuri.net/2023/07/how-to-harden-wordpress-a-basic-overview.html" target="_blank" rel="noopener">basic WordPress hardening steps</a> post for more details. Some highlights from this article include:</p><ul><li><a href="https://blog.sucuri.net/2023/07/how-to-harden-wordpress-a-basic-overview.html#step1" target="_blank" rel="noopener">Multi-factor authentication</a></li><li><a href="https://blog.sucuri.net/2023/07/how-to-harden-wordpress-a-basic-overview.html#step2" target="_blank" rel="noopener">Restricting access to IPs</a></li><li><a href="https://blog.sucuri.net/2023/07/how-to-harden-wordpress-a-basic-overview.html#step5" target="_blank" rel="noopener">Limiting logins in WordPress</a></li></ul><p>There are countless ways to harden WordPress depending on your needs. We recommend reviewing the <strong><a class="res-anchor" href="https://wordpress.org/support/article/hardening-wordpress/" target="_blank" rel="noopener noreferrer">WordPress Codex</a></strong> if you want to research additional hardening methods. See the<strong> <a class="res-anchor" href="#iwaf">Website Firewall</a></strong> section below for more information about how we offer virtual patching and hardening.</p> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-846ed34 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="846ed34" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b428abf" data-id="b428abf" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-48d59c5 elementor-widget elementor-widget-menu-anchor" data-id="48d59c5" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-widget-container"> <div class="elementor-menu-anchor" id="set-backups"></div> </div> </div> <div class="elementor-element elementor-element-68d571e elementor-widget elementor-widget-heading" data-id="68d571e" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h3 class="elementor-heading-title elementor-size-default">3.4 Schedule regular backups for your WordPress site</h3> </div> </div> <div class="elementor-element elementor-element-353c854 elementor-widget elementor-widget-text-editor" data-id="353c854" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>Backups function as a safety net. Now that your WordPress site is clean and you’ve taken some important post-hack steps, make a backup! Having a<strong> <a class="res-anchor" href="https://blog.sucuri.net/2018/06/website-backups.html" target="_blank" rel="noopener noreferrer">good backup strategy</a></strong> is at the core of a good security posture.</p><h4>Tips to help you with WordPress backups:</h4><ul><li><strong>Location: </strong>Store your backups in an off-site location. Never store backups or old versions on your server, as these can be utilized as entry points for attackers if not maintained properly. It is important to keep working backups in many different locations, as you never know what can go wrong.</li><li><strong>Automatic: </strong>Your backup solution should run automatically at a frequency that suits the needs of your website. For example, if your website is a news based site that is updated frequently, your backups need to run frequently as well.</li><li><strong>Redundancy: </strong>This is a strategy used to ensure there are emergency backups of critical data if something catastrophic were to occur. Make sure to have working backups and then make copies of those working backups.</li><li><strong>Testing: </strong>Ensure that your backups are clean from malware and function if you need to restore. Do not rely on backups unless they have been tested first.</li><li><strong>File Types: </strong>Some backup solutions exclude certain file types such as videos and archives, as they can be large. Make sure that everything is included in your backup once performed.</li></ul> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-86ef015 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="86ef015" data-element_type="section" data-settings="{"background_background":"gradient"}"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2bec2da" data-id="2bec2da" data-element_type="column" data-settings="{"background_background":"classic"}"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-c59b0cd elementor-widget elementor-widget-heading" data-id="c59b0cd" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">Did you know</h2> </div> </div> <div class="elementor-element elementor-element-f1a0a23 elementor-widget elementor-widget-text-editor" data-id="f1a0a23" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p style="text-align: center;">Sucuri offers its customers an affordable system for secure website backups.</p> </div> </div> <div class="elementor-element elementor-element-e7c911a elementor-align-center elementor-mobile-align-left elementor-widget elementor-widget-button" data-id="e7c911a" data-element_type="widget" data-gatrack="Button_Click, WP_Guide_Get_Immediate_Help" data-widget_type="button.default"> <div class="elementor-widget-container"> <div class="elementor-button-wrapper"> <a class="elementor-button elementor-button-link elementor-size-sm" href="https://sucuri.net/website-backups/"> <span class="elementor-button-content-wrapper"> <span class="elementor-button-text">Learn More</span> </span> </a> </div> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-797e6ed elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="797e6ed" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7d3e81c" data-id="7d3e81c" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-d34c1d6 elementor-widget elementor-widget-menu-anchor" data-id="d34c1d6" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-widget-container"> <div class="elementor-menu-anchor" id="scan-computer"></div> </div> </div> <div class="elementor-element elementor-element-c040720 elementor-widget elementor-widget-heading" data-id="c040720" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h3 class="elementor-heading-title elementor-size-default">3.5 Scan your computer for malware</h3> </div> </div> <div class="elementor-element elementor-element-b829a15 elementor-widget elementor-widget-text-editor" data-id="b829a15" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>Have all WordPress users run a scan with a reputable antivirus program on their operating systems.</p><p>WordPress can be compromised if a user with an infected computer has access to the dashboard. Some infections are designed to jump from a computer into<strong> <a href="https://blog.sucuri.net/2014/10/threat-introduced-via-browser-extensions.html" target="_blank" rel="noopener noreferrer">text editors</a></strong> or FTP clients.</p><h5>Paid Antivirus Programs:</h5><ul><li>Bitdefender</li><li>Kaspersky</li><li>Sophos</li><li>F-Secure.</li></ul><h5>Free Antivirus Programs:</h5><ul><li><a href="https://www.malwarebytes.com/" target="_blank" rel="noopener">Malwarebytes</a></li><li><strong><a href="https://www.avast.com/en-in/index#pc" target="_blank" rel="noopener">Avast</a></strong></li><li><strong><a href="https://support.microsoft.com/en-us/windows/what-is-microsoft-security-essentials-c25ad47a-7d15-8072-1438-b07dffcbbb20" target="_blank" rel="noopener">Microsoft Security</a></strong></li><li><strong><a href="https://www.avira.com/" target="_blank" rel="noopener">Avira</a></strong></li></ul><p>If your computer isn’t clean, your website can be reinfected easily.</p> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-186035d elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="186035d" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-e752274" data-id="e752274" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-83fae60 elementor-widget elementor-widget-alert_sucuri" data-id="83fae60" data-element_type="widget" data-widget_type="alert_sucuri.default"> <div class="elementor-widget-container"> <div class="sucuri-widget-alert-sucuri type-2"> <div class="alert-sucuri-flex green-bg"> <div class="right-content"> <div class="headingContent"> <p class="headingTitle"><p>Pro Tip</p></p> </div> <div class="descriptionContent"> <p>You should have only one antivirus actively protecting your system to avoid conflicts.</p> </div> </div> </div> </div> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-a08837d elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="a08837d" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-dad4d1f" data-id="dad4d1f" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-dbc4a88 elementor-widget elementor-widget-menu-anchor" data-id="dbc4a88" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-widget-container"> <div class="elementor-menu-anchor" id="install-firewall"></div> </div> </div> <div class="elementor-element elementor-element-64cf6ed elementor-widget elementor-widget-heading" data-id="64cf6ed" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h3 class="elementor-heading-title elementor-size-default">3.6 Use a website firewall to help prevent malware</h3> </div> </div> <div class="elementor-element elementor-element-30d3608 elementor-widget elementor-widget-text-editor" data-id="30d3608" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>The number of vulnerabilities exploited by attackers grows every day. Trying to keep up can be challenging for administrators.<strong> <a class="res-anchor" href="https://sucuri.net/website-firewall/wordpress-firewall/" target="_blank" rel="noopener noreferrer">Website Firewalls</a></strong> were invented to provide a perimeter defense system surrounding your WordPress site, and can help filter out malicious requests to your server.</p><p>Benefits to using a website firewall include:</p><ul><li><strong>Prevent a Future Hack: </strong>By<strong> <a class="res-anchor" href="https://sucuri.net/website-hack-protection/" target="_blank" rel="noopener noreferrer">detecting and stopping known hacking methods</a> </strong>and behaviors, a website firewall can keep your site protected against future attacks.</li><li><strong>Virtual Security Update: </strong>Hackers quickly exploit vulnerabilities in plugins and themes, and unknown ones are always emerging (called<strong> <a class="res-anchor" href="https://sucuri.net/zero-day-attack-prevention/" target="_blank" rel="noopener noreferrer">zero-day exploits</a></strong>). A good website firewall will patch your holes in your website software even if you haven’t applied security updates.</li><li><strong>Block Brute Force Attacks: </strong>A website firewall should stop anyone from accessing your wp-admin or wp-login page if they aren’t supposed to be there, making sure they can’t use brute force automation to guess your password. Multiple features are used to help<strong> <a class="res-anchor" href="https://sucuri.net/website-firewall-a/stop-brute-force-attacks/" target="_blank" rel="noopener noreferrer">prevent brute force attacks</a></strong>, such as: Time delays, limiting login attempts, blocklisting IP addresses, and more.</li><li><strong>Mitigate DDoS Attacks: </strong>Distributed Denial of Service attacks attempt to overload your server or application resources. By<strong> <a class="res-anchor" href="https://sucuri.net/ddos-protection/" target="_blank" rel="noopener noreferrer">detecting and blocking all types of DDoS attacks</a></strong>, a website firewall makes sure your site is available if you are being attacked with a high volume of fake visits.</li><li><strong>Performance Optimization: </strong>Most WAFs will offer<strong> <a class="res-anchor" href="https://sucuri.net/website-performance/" target="_blank" rel="noopener noreferrer">caching for faster global page speed</a></strong>. This keeps your visitors happy and is proven to lower bounce rates while improving website engagement, conversions, and search engine rankings.</li></ul> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-af22f44 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="af22f44" data-element_type="section" data-settings="{"background_background":"gradient"}"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-1cd3901" data-id="1cd3901" data-element_type="column" data-settings="{"background_background":"classic"}"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-5f10e1d elementor-widget elementor-widget-heading" data-id="5f10e1d" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">Did you know</h2> </div> </div> <div class="elementor-element elementor-element-009b708 elementor-widget elementor-widget-text-editor" data-id="009b708" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p style="text-align: center;">The Sucuri Firewall can help you protect your WordPress website by blocking bad bots, virtually patching known vulnerabilities, and mitigating DDoS attacks.</p> </div> </div> <div class="elementor-element elementor-element-2f57cae elementor-align-center elementor-mobile-align-left elementor-widget elementor-widget-button" data-id="2f57cae" data-element_type="widget" data-gatrack="Button_Click, WP_Guide_Get_Immediate_Help" data-widget_type="button.default"> <div class="elementor-widget-container"> <div class="elementor-button-wrapper"> <a class="elementor-button elementor-button-link elementor-size-sm" href="https://sucuri.net/website-firewall/signup/"> <span class="elementor-button-content-wrapper"> <span class="elementor-button-text">Learn More</span> </span> </a> </div> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-39e3a84 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="39e3a84" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7d39855" data-id="7d39855" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-06543d6 elementor-widget elementor-widget-heading" data-id="06543d6" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">Video Tutorial: How to Remove Malware & Clean a Hacked WordPress Site</h2> </div> </div> <div class="elementor-element elementor-element-09f007a elementor-widget elementor-widget-text-editor" data-id="09f007a" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>Looking for a video tutorial? <span class="yt-core-attributed-string yt-core-attributed-string--white-space-pre-wrap"><span class="yt-core-attributed-string--link-inherit-color" style="color: #131313;">Follow Sucuri Remediation Team Lead, Ben Martin, through the steps needed to clean your WordPress site and minimize attack time.</span></span></p> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-1d58311 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="1d58311" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-e990eee" data-id="e990eee" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-a7aad52 elementor-widget elementor-widget-video" data-id="a7aad52" data-element_type="widget" data-settings="{"youtube_url":"https:\/\/youtu.be\/a6UwUU-3B3w?si=_-o8p9prFhmIqBua","lazy_load":"yes","video_type":"youtube","controls":"yes"}" data-widget_type="video.default"> <div class="elementor-widget-container"> <div class="elementor-wrapper elementor-open-inline"> <div class="elementor-video"></div> </div> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-0b95ffb elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="0b95ffb" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-6899961" data-id="6899961" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-c07ec27 elementor-widget elementor-widget-heading" data-id="c07ec27" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">Why do WordPress sites get hacked?</h2> </div> </div> <div class="elementor-element elementor-element-4bc88d7 elementor-widget elementor-widget-text-editor" data-id="4bc88d7" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>WordPress is the most widely used Content Management System on the web. More than 40% of the websites online use WordPress, which makes it a prime target for attackers. There are many different types of hacks that target WordPress sites, ranging from spam infections to more complicated credit card stealer attacks.</p><p>Here are a few common reasons why a website might be hacked.</p><h4>Vulnerable CMS, plugins, or themes</h4><p>Attackers regularly leverage vulnerabilities in CMS and third-party components to compromise websites. Automated attacks targeting known website vulnerabilities are one of the leading causes of hacked websites. Always keep your CMS and third-party components updated with the latest patch.</p><h4>Weak passwords</h4><p>Brute force attacks guess thousands of login combinations to obtain unauthorized access to a website. If you’re using weak or easily guessable credentials on your website or database, you’re much more likely to fall victim to a brute force attack — especially if you’re not using a website firewall to prevent it.</p><h4>Incorrect file permissions</h4><p>Your web server uses a number of rules to control access to website files. If file permissions are too relaxed, hackers are easily able to modify website files.</p> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-1f5a7a3 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="1f5a7a3" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-dda67e1" data-id="dda67e1" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-80c51ad elementor-widget elementor-widget-heading" data-id="80c51ad" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">Signs that your WordPress website is hacked</h2> </div> </div> <div class="elementor-element elementor-element-bfef2c5 elementor-widget elementor-widget-text-editor" data-id="bfef2c5" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>How do you know if your website has been compromised? There are a handful of obvious signs and symptoms to look out for.</p><ol><li><strong>Your security plugin or file integrity monitoring has notified you of an unexpected change in your environment or website files.</strong> If you’ve found changes to core system files or your security plugin has notified you of unexpected file changes, this is a sign that an attacker may have modified your website files to send spam emails, create <a href="https://blog.sucuri.net/2022/05/examining-emerging-backdoors.html">website backdoors</a>, or run malicious code. Any new files with suspicious looking names or server-side scripts in upload directories are a major red flag that your website has been compromised.</li><li class="lh-1_7"><strong>Your hosting provider has contacted you with notifications about unusual account activity or has disabled your website.</strong> Hosting companies perform regular scans and audits for malicious behavior or malware and often disable any websites with known issues to prevent <a href="https://blog.sucuri.net/2020/01/what-is-cross-site-contamination.html" target="_blank" rel="noopener">cross contamination</a> in shared hosting environments.</li><li class="lh-1_7"><strong>Browser warnings are served to you or your site visitors when attempting to access the website. </strong>If Google Chrome or another browser displays a warning message when viewing the site, odds are your WordPress site has been hacked. For example, if you’re seeing a “<a href="https://blog.sucuri.net/2023/01/how-to-fix-the-deceptive-site-ahead-warning.html" target="_blank" rel="noopener">Deceptive Site Ahead</a>” warning when trying to access your website, it’s likely that your WordPress environment has been hacked and is involved in <a href="https://blog.sucuri.net/2018/11/what-is-phishing.html" target="_blank" rel="noopener">phishing</a>.</li><li><strong>Google Search Console displays a warning message stating your site’s been hacked or is serving malware. </strong>Google sends site owners who’ve linked their domain to Google Search Console notifications whenever a site has been compromised. These notifications provide valuable information about whether spam content or malicious code has been found on your website. It also indicates that your site has been<strong> <a href="https://sucuri.net/guides/how-to-remove-google-blocklist-warning/" rel="noopener noreferrer">blacklisted by a known authority</a></strong> like Google Safe Browsing.</li><li><strong>When you search for your domain, a warning message is displayed. </strong>Search authorities like Google and Bing provide warnings to users to help mitigate risk and protect them from pages that serve malware or phishing. For example, if you’re getting a “<a href="https://blog.sucuri.net/2022/11/how-to-fix-the-this-site-may-harm-your-computer-warning.html" target="_blank" rel="noopener">This Site May Harm Your Computer</a>” warning in your search results every time you look up your site in Google.</li><li><strong>Customers are complaining about credit card theft.</strong> Credit card theft is an incredibly lucrative business for many attackers, as sensitive credit card details can easily be sold for money on the black market or used to make fraudulent purchases. <a href="https://sucuri.net/guides/what-is-magecart/" target="_blank" rel="noopener">MageCart and credit card skimmers</a> can be used to steal sensitive payment information from a website. Attacks on e-commerce websites are typically targeted and leverage known vulnerabilities in plugins, themes, and other third-party components.</li><li><strong>There’s strange looking JavaScript in your website code.</strong> Attackers often use obfuscation techniques, formatting and code comments to conceal their malware from view. Even a small snippet of malicious JavaScript can be used to <a href="https://blog.sucuri.net/2022/02/how-to-fix-the-specialadves-wordpress-redirect-hack.html" target="_blank" rel="noopener">redirect website traffic</a>, harvest credit card details, or steal passwords from a hacked website.</li><li><strong>Your website has become extremely slow.</strong> Some malware use significant server resources. If your web pages have suddenly become very slow and take longer to load, you will want to investigate further and determine if your WordPress site has been hacked.</li><li><strong>Your website is redirecting somewhere else. </strong>Many attackers inject malicious redirects to send your website’s traffic to their ads or spam pages in an attempt to increase SEO and hijack traffic for their own domains. If you or your visitors are suddenly being sent to a spam landing page when accessing the site, you’ve likely become infected with a<strong> <a href="https://blog.sucuri.net/2020/05/malicious-redirects.html" target="_blank" rel="noopener noreferrer">malicious website redirect</a></strong>.</li><li><strong>You see changes on your website but you don’t know how they got there. </strong>For example, if the homepage has been modified or replaced with a new page, content has been added to existing pages, or new pages have been created, this is an indicator of compromise and should be investigated.</li></ol> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-34262b7 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="34262b7" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-d1689d3" data-id="d1689d3" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-7a079f3 elementor-widget elementor-widget-faq_content" data-id="7a079f3" data-element_type="widget" data-widget_type="faq_content.default"> <div class="elementor-widget-container"> <div class="sucuri-widget-faq-content"> <h2>WordPress Hack FAQ</h2> <div class="faq-content-single"> <ul> <li> <label for="question1" style="color: transparent; position: absolute;">How do WordPress sites get hacked?</label> <input type="checkbox" name="question1" id="question1" aria-labelledby="question"> <i></i> <h4>How do WordPress sites get hacked?</h4> <p><p>Malicious users crawl the internet looking for vulnerable WordPress sites to hack. If your website is not protected with a <a href="https://sucuri.net/website-firewall/wordpress-firewall/"><strong>WordPress firewall</strong></a> and if you do not follow <strong><a href="https://sucuri.net/guides/wordpress-security/">WordPress security</a></strong> best practices, your website can become a victim.</p></p> </li> <li> <label for="question2" style="color: transparent; position: absolute;">How do I find malicious code in WordPress?</label> <input type="checkbox" name="question2" id="question2" aria-labelledby="question"> <i></i> <h4>How do I find malicious code in WordPress?</h4> <p><p>You can use <strong><a href="https://sitecheck.sucuri.net/">SiteCheck</a></strong> to scan your WordPress site for malicious code for free. We recommend reinstalling your core files with a fresh copy if you suspect there is malware in your WordPress website. If you want to be sure that your website is clean, you can <strong><a href="https://sucuri.net/website-security-platform/signup/">sign up to Sucuri </a></strong>and submit a malware removal request.</p></p> </li> <li> <label for="question3" style="color: transparent; position: absolute;">How do I protect my WordPress site from Malware?</label> <input type="checkbox" name="question3" id="question3" aria-labelledby="question"> <i></i> <h4>How do I protect my WordPress site from Malware?</h4> <p>You can secure your WordPress site by following <strong><a href="https://sucuri.net/guides/website-security/" target="_blank" rel="noopener">website security best practices</a></strong>:</br></br> • Using a <strong><a href="https://sucuri.net/website-firewall/wordpress-firewall/">WordPress firewall</a></strong> </br> • Patching your website software with the <strong><a href="https://blog.sucuri.net/2023/07/how-to-harden-wordpress-a-basic-overview.html#step8" target="_blank" rel="noopener">latest version of WordPress core</a></strong>, plugins, themes and third-party services </br> • Enforcing <a href="https://blog.sucuri.net/2022/08/how-to-create-secure-passwords-for-your-website.html" target="_blank" rel="noopener"><strong>strong password requirements</strong></a> </br> • Only granting the type of access that someone needs </br> • Isolating each WordPress website </br> • Implementing <a href="https://blog.sucuri.net/2023/07/how-to-harden-wordpress-a-basic-overview.html#step1" target="_blank" rel="noopener"><strong>2FA on the WordPress login page</strong></a> </br> •<strong><a href="https://blog.sucuri.net/2023/07/how-to-harden-wordpress-a-basic-overview.html#step5" target="_blank" rel="noopener"> Limiting login attempts</a></strong> on wp-admin </br> • Leveraging <a href="https://blog.sucuri.net/2023/07/how-to-harden-wordpress-a-basic-overview.html#step2" target="_blank" rel="noopener"><strong>IP access restrictions for the WordPress dashboard</strong></a></p> </li> <li> <label for="question4" style="color: transparent; position: absolute;">How do I scan WordPress plugins for malware?</label> <input type="checkbox" name="question4" id="question4" aria-labelledby="question"> <i></i> <h4>How do I scan WordPress plugins for malware?</h4> <p><p>You can use <strong><a href="https://sitecheck.sucuri.net/">SiteCheck</a> </strong>to scan your WordPress site for malware for free. We highly recommend updating all WP plugins regularly and that you remove all plugins that are not being actively used. Sucuri also offers a <strong><a href="https://sucuri.net/website-security-platform/signup/">complete website security platform</a></strong> in which you will find website monitoring, protection, and response.</p></p> </li> </ul> </div> </div> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-a6b6559 elementor-section-full_width elementor-section-height-default elementor-section-height-default" data-id="a6b6559" data-element_type="section" data-settings="{"background_background":"gradient"}"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ada5474" data-id="ada5474" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <section class="elementor-section elementor-inner-section elementor-element elementor-element-d9432da elementor-section-content-middle elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="d9432da" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-898be56" data-id="898be56" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-a59015a elementor-widget elementor-widget-heading" data-id="a59015a" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">Need help with a hacked WordPress website?</h2> </div> </div> </div> </div> <div class="elementor-column elementor-col-25 elementor-inner-column elementor-element elementor-element-f21797b" data-id="f21797b" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-0867feb elementor-align-right elementor-mobile-align-center elementor-widget elementor-widget-button" data-id="0867feb" data-element_type="widget" data-gatrack="Button_Click, WP_Guide_Get_Started_Now" data-widget_type="button.default"> <div class="elementor-widget-container"> <div class="elementor-button-wrapper"> <a class="elementor-button elementor-button-link elementor-size-sm" href="https://sucuri.net/website-security-platform/signup/"> <span class="elementor-button-content-wrapper"> <span class="elementor-button-text">Get Started Now</span> </span> </a> </div> </div> </div> </div> </div> <div class="elementor-column elementor-col-25 elementor-inner-column elementor-element elementor-element-3320839" data-id="3320839" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-7856d08 elementor-align-left elementor-mobile-align-center elementor-widget elementor-widget-button" data-id="7856d08" data-element_type="widget" data-gatrack="Button_Click, WP_Guide_Get_Started_Learn_More" data-widget_type="button.default"> <div class="elementor-widget-container"> <div class="elementor-button-wrapper"> <a class="elementor-button elementor-button-link elementor-size-sm" href="https://sucuri.net/website-malware-removal/" aria-label="Learn More about Website Malware Removal"> <span class="elementor-button-content-wrapper"> <span class="elementor-button-text">Learn More</span> </span> </a> </div> </div> </div> </div> </div> </div> </section> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-bdca987 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="bdca987" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-1c62bab" data-id="1c62bab" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-1afbeb7 elementor-widget elementor-widget-heading" data-id="1afbeb7" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">Sucuri Resource Library</h2> </div> </div> <div class="elementor-element elementor-element-0eb0721 elementor-widget elementor-widget-text-editor" data-id="0eb0721" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>Say on top emerging website security threats with our helpful guides, email, courses, and blog content.</p> </div> </div> <section class="elementor-section elementor-inner-section elementor-element elementor-element-7fcf74d elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="7fcf74d" data-element_type="section"> <div class="elementor-container elementor-column-gap-extended"> <div class="elementor-column elementor-col-33 elementor-inner-column elementor-element elementor-element-6c938e3" data-id="6c938e3" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-8820033 elementor-widget elementor-widget-image" data-id="8820033" data-element_type="widget" data-widget_type="image.default"> <div class="elementor-widget-container"> <a href="https://sucuri.net/webinars/how-to-clean-hacked-wordpress-site/" title="Webinar"> <img loading="lazy" decoding="async" width="545" height="324" src="https://sucuri.net/wp-content/uploads/2023/01/22-sucuri-resource-webinar.png" class="attachment-medium_large size-medium_large wp-image-8856" alt="" srcset="https://sucuri.net/wp-content/uploads/2023/01/22-sucuri-resource-webinar.png 545w, https://sucuri.net/wp-content/uploads/2023/01/22-sucuri-resource-webinar-300x178.png 300w" sizes="(max-width: 545px) 100vw, 545px" /> </a> </div> </div> <div class="elementor-element elementor-element-af9da29 elementor-view-default elementor-widget elementor-widget-icon" data-id="af9da29" data-element_type="widget" data-widget_type="icon.default"> <div class="elementor-widget-container"> <div class="elementor-icon-wrapper"> <a class="elementor-icon" href="https://sucuri.net/webinars/how-to-clean-hacked-wordpress-site/" title="Webinar"> <svg aria-hidden="true" class="e-font-icon-svg e-fas-arrow-right" viewBox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M190.5 66.9l22.2-22.2c9.4-9.4 24.6-9.4 33.9 0L441 239c9.4 9.4 9.4 24.6 0 33.9L246.6 467.3c-9.4 9.4-24.6 9.4-33.9 0l-22.2-22.2c-9.5-9.5-9.3-25 .4-34.3L311.4 296H24c-13.3 0-24-10.7-24-24v-32c0-13.3 10.7-24 24-24h287.4L190.9 101.2c-9.8-9.3-10-24.8-.4-34.3z"></path></svg> </a> </div> </div> </div> <div class="elementor-element elementor-element-50893ee elementor-widget elementor-widget-heading" data-id="50893ee" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h4 class="elementor-heading-title elementor-size-default">Webinar</h4> </div> </div> <div class="elementor-element elementor-element-83be6cf elementor-widget elementor-widget-text-editor" data-id="83be6cf" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>Learn how to identify issues if you suspect your WordPress site has been hacked.</p> </div> </div> </div> </div> <div class="elementor-column elementor-col-33 elementor-inner-column elementor-element elementor-element-912c9e8" data-id="912c9e8" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-63c186e elementor-widget elementor-widget-image" data-id="63c186e" data-element_type="widget" data-widget_type="image.default"> <div class="elementor-widget-container"> <a href="https://info.sucuri.net/wordpress-security-course" title="Email Course"> <img loading="lazy" decoding="async" width="545" height="324" src="https://sucuri.net/wp-content/uploads/2023/01/22-sucuri-resource-email-courses.png" class="attachment-medium_large size-medium_large wp-image-8854" alt="" srcset="https://sucuri.net/wp-content/uploads/2023/01/22-sucuri-resource-email-courses.png 545w, https://sucuri.net/wp-content/uploads/2023/01/22-sucuri-resource-email-courses-300x178.png 300w" sizes="(max-width: 545px) 100vw, 545px" /> </a> </div> </div> <div class="elementor-element elementor-element-6fc08b3 elementor-view-default elementor-widget elementor-widget-icon" data-id="6fc08b3" data-element_type="widget" data-widget_type="icon.default"> <div class="elementor-widget-container"> <div class="elementor-icon-wrapper"> <a class="elementor-icon" href="https://info.sucuri.net/wordpress-security-course" title="Email Course"> <svg aria-hidden="true" class="e-font-icon-svg e-fas-arrow-right" viewBox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M190.5 66.9l22.2-22.2c9.4-9.4 24.6-9.4 33.9 0L441 239c9.4 9.4 9.4 24.6 0 33.9L246.6 467.3c-9.4 9.4-24.6 9.4-33.9 0l-22.2-22.2c-9.5-9.5-9.3-25 .4-34.3L311.4 296H24c-13.3 0-24-10.7-24-24v-32c0-13.3 10.7-24 24-24h287.4L190.9 101.2c-9.8-9.3-10-24.8-.4-34.3z"></path></svg> </a> </div> </div> </div> <div class="elementor-element elementor-element-cf413d8 elementor-widget elementor-widget-heading" data-id="cf413d8" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h4 class="elementor-heading-title elementor-size-default">Email Course</h4> </div> </div> <div class="elementor-element elementor-element-dbc6aef elementor-widget elementor-widget-text-editor" data-id="dbc6aef" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>Join our email series as we offer actionable steps and basic security techniques for WordPress site owners.</p> </div> </div> </div> </div> <div class="elementor-column elementor-col-33 elementor-inner-column elementor-element elementor-element-e13373e" data-id="e13373e" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-a9065b2 elementor-widget elementor-widget-image" data-id="a9065b2" data-element_type="widget" data-widget_type="image.default"> <div class="elementor-widget-container"> <a href="https://sucuri.net/reports/2017-hacked-website-report/" title="Report"> <img loading="lazy" decoding="async" width="545" height="324" src="https://sucuri.net/wp-content/uploads/2023/01/22-sucuri-resource-report.png" class="attachment-medium_large size-medium_large wp-image-8857" alt="" srcset="https://sucuri.net/wp-content/uploads/2023/01/22-sucuri-resource-report.png 545w, https://sucuri.net/wp-content/uploads/2023/01/22-sucuri-resource-report-300x178.png 300w" sizes="(max-width: 545px) 100vw, 545px" /> </a> </div> </div> <div class="elementor-element elementor-element-c635c91 elementor-view-default elementor-widget elementor-widget-icon" data-id="c635c91" data-element_type="widget" data-widget_type="icon.default"> <div class="elementor-widget-container"> <div class="elementor-icon-wrapper"> <a class="elementor-icon" href="https://sucuri.net/reports/2017-hacked-website-report/" title="Report"> <svg aria-hidden="true" class="e-font-icon-svg e-fas-arrow-right" viewBox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M190.5 66.9l22.2-22.2c9.4-9.4 24.6-9.4 33.9 0L441 239c9.4 9.4 9.4 24.6 0 33.9L246.6 467.3c-9.4 9.4-24.6 9.4-33.9 0l-22.2-22.2c-9.5-9.5-9.3-25 .4-34.3L311.4 296H24c-13.3 0-24-10.7-24-24v-32c0-13.3 10.7-24 24-24h287.4L190.9 101.2c-9.8-9.3-10-24.8-.4-34.3z"></path></svg> </a> </div> </div> </div> <div class="elementor-element elementor-element-0c7de6c elementor-widget elementor-widget-heading" data-id="0c7de6c" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h4 class="elementor-heading-title elementor-size-default">Report</h4> </div> </div> <div class="elementor-element elementor-element-36a5cff elementor-widget elementor-widget-text-editor" data-id="36a5cff" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>Based on our data, the three most commonly infected CMS platforms were WordPress, Joomla! and Magento.</p> </div> </div> </div> </div> </div> </section> </div> </div> </div> </section> </div> <div data-elementor-type="footer" data-elementor-id="10539" class="elementor elementor-10539 elementor-location-footer" data-elementor-post-type="elementor_library"> <section class="elementor-section elementor-top-section elementor-element elementor-element-861d687 elementor-section-full_width elementor-section-height-default elementor-section-height-default" data-id="861d687" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-fc1f30f" data-id="fc1f30f" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-a32286d elementor-widget elementor-widget-footer_section" data-id="a32286d" data-element_type="widget" data-widget_type="footer_section.default"> <div class="elementor-widget-container"> <div class="sucuri-footer-revamp parent"> <div class="footer-menu-logo-container"> <div class="footer-menu-logo-internal"> <div class="image-container"> <img src="https://sucuri.net/wp-content/uploads/2022/12/sucuri_logo_dark.svg" alt="Sucuri Logo"> </div> <div class="social-media-container"> <p>Let’s Connect</p> <div class="social-media-wrapper"> <a aria-label="Visit our Twitter profile" href="https://twitter.com/sucurisecurity/"> <svg xmlns="http://www.w3.org/2000/svg" width="23" height="21" viewBox="0 0 23 21" fill="none"><path d="M18.1138 0.210449H21.6407L13.9356 8.92748L23 20.7894H15.9016L10.3427 13.5952L3.98206 20.7894H0.453113L8.69443 11.4656L0 0.210449H7.27646L12.3012 6.78621L18.1117 0.210449H18.1138ZM16.876 18.6998H18.8303L6.21564 2.19025H4.11853L16.876 18.6998Z" fill="#00FFCE"></path></svg> </a> <a aria-label="Visit our Facebook profile" href="https://www.facebook.com/SucuriSecurity"> <svg xmlns="http://www.w3.org/2000/svg" width="23" height="23" viewBox="0 0 23 23" fill="none"><path d="M21.7287 0H1.27126C0.567177 0 0 0.567177 0 1.27126V21.7287C0 22.4328 0.567177 23 1.27126 23H12.2823V14.1012H9.28996V10.6395H12.2823V8.07738C12.2823 5.10459 14.1012 3.48129 16.7415 3.48129C18.0128 3.48129 19.108 3.57908 19.4209 3.6182V6.72789H17.5825C16.1352 6.72789 15.8614 7.41241 15.8614 8.40986V10.6199H19.3036L18.8537 14.0816H15.8614V22.9804H21.7287C22.4328 22.9804 23 22.4133 23 21.7092V1.27126C23 0.567177 22.4328 0 21.7287 0Z" fill="#00FFCE"></path></svg> </a> <a aria-label="Visit our Instagram profile" href="https://www.instagram.com/sucurisecurity/"> <svg xmlns="http://www.w3.org/2000/svg" width="23" height="23" viewBox="0 0 23 23" fill="none"><path d="M22.9218 6.76701C22.8631 5.55442 22.6675 4.71344 22.3937 3.97024C22.1003 3.20748 21.7092 2.58163 21.0638 1.93622C20.4184 1.29082 19.7925 0.89966 19.0298 0.606292C18.3061 0.312925 17.4651 0.136905 16.233 0.0782313C15.0008 0.0195578 14.6097 0 11.5 0C8.3903 0 7.97959 0 6.767 0.0782313C5.53486 0.136905 4.71343 0.332483 3.97024 0.606292C3.20748 0.89966 2.58163 1.29082 1.93622 1.93622C1.29081 2.58163 0.899655 3.20748 0.606288 3.97024C0.31292 4.69388 0.117341 5.53486 0.0782256 6.76701C0.0195522 7.99915 0 8.39031 0 11.5C0 14.6097 -5.6684e-06 15.0204 0.0782256 16.233C0.136899 17.4456 0.332478 18.2866 0.606288 19.0298C0.899655 19.7925 1.29081 20.4184 1.93622 21.0638C2.58163 21.7092 3.20748 22.1003 3.97024 22.3937C4.69388 22.6675 5.53486 22.8631 6.767 22.9218C7.99915 22.9804 8.3903 23 11.5 23C14.6097 23 15.0008 23 16.233 22.9218C17.4456 22.8631 18.2866 22.6675 19.0298 22.3937C19.7925 22.1003 20.4184 21.7092 21.0638 21.0638C21.7092 20.4184 22.1003 19.7925 22.3937 19.0298C22.6871 18.3061 22.8631 17.4651 22.9218 16.233C22.9804 15.0009 23 14.6097 23 11.5C23 8.39031 23 7.99915 22.9218 6.76701ZM20.8486 16.1548C20.79 17.2696 20.6139 17.8759 20.4575 18.2866C20.2423 18.8146 20.0077 19.2058 19.5969 19.6165C19.1862 20.0272 18.8146 20.2619 18.267 20.477C17.8563 20.6335 17.25 20.8291 16.1352 20.8682C14.9226 20.9269 14.551 20.9269 11.5 20.9269C8.44897 20.9269 8.05782 20.9269 6.86479 20.8682C5.75 20.8095 5.1437 20.6335 4.73299 20.477C4.20493 20.2619 3.81377 20.0272 3.40306 19.6165C2.99234 19.2058 2.75765 18.8342 2.54252 18.2866C2.38605 17.8759 2.19047 17.2696 2.15136 16.1548C2.09268 14.9422 2.09269 14.5901 2.09269 11.5196C2.09269 8.44898 2.09268 8.09694 2.15136 6.88435C2.21003 5.76956 2.38605 5.16327 2.54252 4.75255C2.75765 4.22449 2.99234 3.83333 3.40306 3.44218C3.81377 3.03146 4.18537 2.79677 4.73299 2.58163C5.1437 2.42517 5.75 2.22959 6.86479 2.19048C8.07738 2.1318 8.44897 2.1318 11.5 2.1318C14.551 2.1318 14.9226 2.1318 16.1352 2.19048C17.25 2.24915 17.8563 2.42517 18.267 2.58163C18.7951 2.79677 19.1862 3.03146 19.5969 3.44218C20.0077 3.85289 20.2423 4.22449 20.4575 4.75255C20.6139 5.16327 20.8095 5.76956 20.8486 6.88435C20.9073 8.09694 20.9073 8.46854 20.9073 11.5196C20.9073 14.5706 20.9073 14.9422 20.8486 16.1548Z" fill="#00FFCE"></path><path d="M11.5002 5.59375C8.23405 5.59375 5.59375 8.23406 5.59375 11.5002C5.59375 14.7664 8.23405 17.4067 11.5002 17.4067C14.7664 17.4067 17.4067 14.7664 17.4067 11.5002C17.4067 8.23406 14.7664 5.59375 11.5002 5.59375ZM11.5002 15.314C9.38796 15.314 7.66687 13.5929 7.66687 11.4807C7.66687 9.36841 9.38796 7.64732 11.5002 7.64732C13.6125 7.64732 15.3335 9.36841 15.3335 11.4807C15.3335 13.5929 13.6125 15.314 11.5002 15.314Z" fill="#00FFCE"></path><path d="M17.6406 3.98975C16.8778 3.98975 16.252 4.6156 16.252 5.37835C16.252 6.14111 16.8778 6.7474 17.6406 6.7474C18.4033 6.7474 19.0096 6.12155 19.0096 5.37835C19.0096 4.63515 18.3838 3.98975 17.6406 3.98975Z" fill="#00FFCE"></path></svg> </a> <a aria-label="Visit our LinkedIn profile" href="https://www.linkedin.com/company/sucuri-security"> <svg xmlns="http://www.w3.org/2000/svg" width="23" height="23" viewBox="0 0 23 23" fill="none"><path d="M0.445161 23H4.89677V7.04375H0.445161V23ZM2.67097 0C1.1871 0 0 1.15 0 2.5875C0 4.025 1.1871 5.175 2.67097 5.175C4.15484 5.175 5.34194 4.025 5.34194 2.5875C5.34194 1.15 4.15484 0 2.67097 0ZM12.4645 9.4875V7.04375H8.0129V23H12.4645V14.8063C12.4645 10.2063 18.5484 9.91875 18.5484 14.8063V23H23V13.225C23 5.4625 14.5419 5.75 12.4645 9.4875Z" fill="#00FFCE"></path></svg> </a> <a aria-label="Visit our YouTube profile" href="https://www.youtube.com/SucuriSecurity"> <svg xmlns="http://www.w3.org/2000/svg" width="30" height="21" viewBox="0 0 30 21" fill="none"><path d="M28.5264 3.64516C28.2012 2.42561 27.2041 1.45838 25.9469 1.12195C23.6708 0.533203 14.5667 0.533203 14.5667 0.533203C14.5667 0.533203 5.4625 0.533203 3.18646 1.12195C1.92922 1.43735 0.953767 2.40458 0.606942 3.64516C-2.64865e-06 5.85296 0 10.4999 0 10.4999C0 10.4999 -2.64865e-06 15.1257 0.606942 17.3546C0.932091 18.5741 1.92922 19.5414 3.18646 19.8778C5.4625 20.4665 14.5667 20.4665 14.5667 20.4665C14.5667 20.4665 23.6708 20.4665 25.9469 19.8778C27.2041 19.5414 28.1796 18.5952 28.5264 17.3546C29.1333 15.1257 29.1333 10.4999 29.1333 10.4999C29.1333 10.4999 29.1333 5.87399 28.5264 3.64516ZM11.597 14.6842V6.2735L19.2054 10.4788L11.597 14.6842Z" fill="#00FFCE"></path></svg> </a> <a aria-label="Visit our Threads profile" href="https://www.threads.net/@sucurisecurity"> <svg xmlns="http://www.w3.org/2000/svg" width="21" height="23" viewBox="0 0 21 23" fill="none"><path d="M10.6248 23H10.618C7.11116 22.977 4.4152 21.8452 2.60353 19.6372C0.99262 17.6717 0.160232 14.9366 0.132812 11.5096V11.4933C0.162191 8.06342 0.993599 5.33121 2.60549 3.36471C4.4152 1.15479 7.11312 0.023 10.6189 0H10.6326C13.3217 0.0191667 15.5712 0.694792 17.3172 2.01058C18.9595 3.24683 20.116 5.01017 20.7535 7.24979L18.7558 7.79508C17.6746 4.00008 14.9385 2.06042 10.6238 2.03071C7.77413 2.05179 5.61972 2.92771 4.21935 4.6345C2.90907 6.233 2.23239 8.54258 2.20595 11.5C2.23239 14.4574 2.90907 16.767 4.22033 18.3655C5.6207 20.0742 7.77609 20.9511 10.6248 20.9693C13.1935 20.9501 14.8925 20.3646 16.3046 19.0095C17.9175 17.4637 17.8891 15.5662 17.372 14.4114C17.0685 13.731 16.5171 13.1656 15.7719 12.7343C15.5839 14.03 15.1628 15.0784 14.5145 15.87C13.6469 16.9261 12.4189 17.503 10.8618 17.5854C9.68471 17.6477 8.54972 17.3765 7.67033 16.8178C6.62935 16.1575 6.02024 15.1503 5.95463 13.9773C5.89098 12.8369 6.35418 11.7875 7.25707 11.0237C8.11884 10.2954 9.33216 9.867 10.7658 9.7865C11.7538 9.72614 12.7455 9.77177 13.7233 9.92258C13.5999 9.2115 13.356 8.64608 12.9888 8.23879C12.4864 7.67721 11.7079 7.39258 10.6787 7.38587H10.6503C9.82376 7.38587 8.69955 7.60821 7.98566 8.65088L6.26506 7.52004C7.22476 6.12663 8.77985 5.35804 10.6503 5.35804H10.6934C13.8212 5.37721 15.6848 7.25075 15.8708 10.5215C15.9766 10.5656 16.0823 10.6116 16.1852 10.6576C17.6443 11.3285 18.7117 12.3453 19.2738 13.5997C20.0543 15.3439 20.1268 18.1901 17.7579 20.4595C15.9462 22.194 13.7487 22.978 10.6317 22.999L10.6248 23ZM11.607 11.7971C11.37 11.7971 11.1301 11.8038 10.8833 11.8172C9.08539 11.9159 7.96509 12.7238 8.02776 13.8709C8.09338 15.0746 9.44968 15.6333 10.7541 15.5643C11.9527 15.502 13.5137 15.0439 13.7761 12.0089C13.0628 11.8633 12.3357 11.7923 11.607 11.7971Z" fill="#00FFCE"></path></svg> </a> </div> </div> </div> </div> <div class="sucuri-footer-revamp child"> <div class="footer-menu-revamp-container"> <div class="outer-item"> <a class="link-parent" href="https://sucuri.net/website-security/"> Products </a> <div class="inner-repeater-wrapper"> <a class="link-child" href="https://sucuri.net/website-firewall/"> Website Firewall </a> <a class="link-child" href="https://sucuri.net/website-security-platform/"> Website Security Platform </a> <a class="link-child" href="https://sucuri.net/wordpress-security/"> WordPress Security </a> <a class="link-child" href="https://sucuri.net/website-backups/"> Website Backups </a> <a class="link-child" href="https://sucuri.net/website-security-platform/help-now/"> Hack Assistance </a> <a class="link-child" href="https://sucuri.net/website-security-platform/signup"> Pricing </a> </div> </div> <div class="outer-item"> <a class="link-parent" href="https://sucuri.net/ddos-protection/"> Solutions </a> <div class="inner-repeater-wrapper"> <a class="link-child" href="https://sucuri.net/ddos-protection/"> DDoS Protection </a> <a class="link-child" href="https://sucuri.net/malware-detection-scanning/"> Malware Detection </a> <a class="link-child" href="https://sucuri.net/website-malware-removal/"> Malware Removal </a> <a class="link-child" href="https://sucuri.net/intrusion-detection-system/"> Malware Prevention </a> <a class="link-child" href="https://sucuri.net/website-security-platform/blocklist-removal-and-repair/"> Blacklist Removal </a> <a class="link-child" href="https://sucuri.net/seo-spam-removal/"> SEO Spam Removal </a> <a class="link-child" href="https://sucuri.net/wordpress-security-plugin/"> Wordpress Security Plugin </a> </div> </div> <div class="outer-item"> <a class="link-parent" href="#"> USE CASES </a> <div class="inner-repeater-wrapper"> <a class="link-child" href="https://sucuri.net/developers/"> Developers </a> <a class="link-child" href="https://sucuri.net/ecommerce-website-security/"> Ecommerce </a> <a class="link-child" href="https://sucuri.net/custom/agency/"> Agency Plans </a> <a class="link-child" href="https://sucuri.net/custom/agency/"> Enterprise Services </a> <a class="link-child" href="https://sucuri.net/http-2-rapid-reset/"> HTTPS/2 </a> <a class="link-child" href="https://sucuri.net/virtual-patching/"> Virtual Patching </a> </div> </div> <div class="outer-item"> <a class="link-parent" href="https://docs.sucuri.net/"> Support </a> <div class="inner-repeater-wrapper"> <a class="link-child" href="https://docs.sucuri.net/"> Knowledge Base </a> <a class="link-child" href="https://sitecheck.sucuri.net/"> SiteCheck </a> <a class="link-child" href="https://sucuri.net/guides/"> Guides </a> <a class="link-child" href="https://labs.sucuri.net/"> Research Labs </a> <a class="link-child" href="https://abuse.sucuri.net/"> Report Abuse </a> <a class="link-child" href="https://status.sucuri.net/"> Status Report </a> </div> </div> <div class="outer-item"> <a class="link-parent" href="https://sucuri.net/company/"> Company </a> <div class="inner-repeater-wrapper"> <a class="link-child" href="https://sucuri.net/company/"> About Sucuri </a> <a class="link-child" href="https://sucuri.net/company/contact-us/"> Contact </a> <a class="link-child" href="https://blog.sucuri.net/"> Blog </a> <a class="link-child" href="https://sucuri.net/referral/"> Referral </a> <a class="link-child" href="https://sucuri.net/partners/"> Partners </a> <a class="link-child" href="https://sucuri.net/customers/"> Testimonials </a> </div> </div> <div class="outer-item"> <a class="link-parent" href="#"> Definitions </a> <div class="inner-repeater-wrapper"> <a class="link-child" href="https://sucuri.net/definitions/"> Firewall </a> <a class="link-child" href="https://sucuri.net/definitions/"> Bots </a> <a class="link-child" href="https://sucuri.net/definitions/"> Security </a> </div> </div> </div> </div> <div class="policy-container"> <div class="flex-menu"> <a href="https://sucuri.net/terms/">Terms of Use</a> <a href="https://sucuri.net/privacy/">Privacy Policy</a> <a href="https://sucuri.net/cookies/">Do Not Sell My Personal Information</a> <a href="https://sucuri.net/faq/">Frequently Asked Questions</a> </div> </div> <p class="copyright">© 2024 GoDaddy Mediatemple, Inc., d/b/a Sucuri. All rights reserved.</p> <div class="back-to-top-mobile"> <a title="Going Top" href="#top"> <svg xmlns="http://www.w3.org/2000/svg" width="42" height="42" viewBox="0 0 42 42" fill="none"> <circle cx="21" cy="21" r="20.5" fill="#02141B" stroke="white"/> <path d="M21 17.3202L29.0133 24.7468C29.0779 24.8079 29.1546 24.8562 29.2389 24.889C29.3232 24.9217 29.4135 24.9382 29.5046 24.9375C29.5956 24.9368 29.6856 24.9188 29.7694 24.8848C29.8531 24.8507 29.9289 24.8012 29.9924 24.739C30.0559 24.6769 30.1058 24.6033 30.1393 24.5227C30.1728 24.442 30.1891 24.3558 30.1874 24.2691C30.1856 24.1824 30.1659 24.0969 30.1292 24.0175C30.0925 23.9381 30.0397 23.8664 29.9738 23.8066L21.4802 15.9358C21.3517 15.8167 21.1794 15.75 21 15.75C20.8206 15.75 20.6483 15.8167 20.5198 15.9358L12.0262 23.8066C11.9603 23.8664 11.9075 23.9381 11.8708 24.0175C11.8341 24.0969 11.8144 24.1824 11.8126 24.2691C11.8109 24.3558 11.8272 24.442 11.8607 24.5227C11.8942 24.6033 11.9441 24.6768 12.0076 24.739C12.0711 24.8012 12.1469 24.8507 12.2306 24.8848C12.3144 24.9188 12.4044 24.9368 12.4954 24.9375C12.5865 24.9382 12.6768 24.9217 12.7611 24.889C12.8454 24.8562 12.9221 24.8079 12.9867 24.7468L21 17.3202Z" fill="#13EAC0"/> </svg> </a> </div> <div class="back-to-top"> <div class="circle"> <a class="circle-flex" title="Going Top" href="#top"> <svg xmlns="http://www.w3.org/2000/svg" width="42" height="42" viewBox="0 0 42 42" fill="none"> <circle cx="21" cy="21" r="20.5" fill="#02141B" stroke="white"/> <path d="M21 17.3202L29.0133 24.7468C29.0779 24.8079 29.1546 24.8562 29.2389 24.889C29.3232 24.9217 29.4135 24.9382 29.5046 24.9375C29.5956 24.9368 29.6856 24.9188 29.7694 24.8848C29.8531 24.8507 29.9289 24.8012 29.9924 24.739C30.0559 24.6769 30.1058 24.6033 30.1393 24.5227C30.1728 24.442 30.1891 24.3558 30.1874 24.2691C30.1856 24.1824 30.1659 24.0969 30.1292 24.0175C30.0925 23.9381 30.0397 23.8664 29.9738 23.8066L21.4802 15.9358C21.3517 15.8167 21.1794 15.75 21 15.75C20.8206 15.75 20.6483 15.8167 20.5198 15.9358L12.0262 23.8066C11.9603 23.8664 11.9075 23.9381 11.8708 24.0175C11.8341 24.0969 11.8144 24.1824 11.8126 24.2691C11.8109 24.3558 11.8272 24.442 11.8607 24.5227C11.8942 24.6033 11.9441 24.6768 12.0076 24.739C12.0711 24.8012 12.1469 24.8507 12.2306 24.8848C12.3144 24.9188 12.4044 24.9368 12.4954 24.9375C12.5865 24.9382 12.6768 24.9217 12.7611 24.889C12.8454 24.8562 12.9221 24.8079 12.9867 24.7468L21 17.3202Z" fill="#13EAC0"/> </svg> <span> <p style="margin-top:0px !important; margin-bottom:0px !important;">back to top <svg xmlns="http://www.w3.org/2000/svg" width="20" height="10" viewBox="0 0 20 10" fill="none"> <path d="M10 1.57018L18.0133 8.99675C18.0779 9.0579 18.1546 9.10624 18.2389 9.13898C18.3232 9.17171 18.4135 9.1882 18.5046 9.18748C18.5956 9.18676 18.6856 9.16885 18.7694 9.13478C18.8531 9.10071 18.9289 9.05117 18.9924 8.98901C19.0559 8.92685 19.1058 8.85332 19.1393 8.77266C19.1728 8.692 19.1891 8.60582 19.1874 8.51911C19.1856 8.4324 19.1659 8.34688 19.1292 8.26749C19.0925 8.18811 19.0397 8.11644 18.9738 8.05663L10.4802 0.185786C10.3517 0.066655 10.1794 -3.93758e-07 10 -4.01598e-07C9.82063 -4.09439e-07 9.64833 0.0666549 9.51977 0.185786L1.02623 8.05663C0.960287 8.11644 0.907457 8.18811 0.870792 8.26749C0.834127 8.34688 0.814355 8.4324 0.812622 8.51911C0.810888 8.60582 0.827226 8.692 0.860693 8.77266C0.894159 8.85332 0.944088 8.92685 1.00759 8.98901C1.07109 9.05117 1.14691 9.10071 1.23065 9.13478C1.31438 9.16885 1.40439 9.18676 1.49544 9.18748C1.5865 9.1882 1.6768 9.17171 1.76112 9.13898C1.84544 9.10624 1.92211 9.0579 1.98669 8.99675L10 1.57018Z" fill="#13EAC0"/> </svg> </p> </span> </a> </div> </div> </div> </div> </div> </div> </div> </div> </section> </div> <script src="https://www.google.com/recaptcha/api.js?onload=onRecaptchaLoad&render=explicit" async defer></script> <script type='text/javascript'> // Define a function to be called when reCAPTCHA script is loaded function onRecaptchaLoad() { // Your code that uses grecaptcha var recaptchaElement = document.getElementsByClassName('g-recaptcha')[0]; if (recaptchaElement) { grecaptcha.render(recaptchaElement, { sitekey: '6LetGjkUAAAAAJZdUKrKJtingLJw5x0mY-O2VGf_', }); } else { console.error('reCAPTCHA element not found'); } } </script> <script type='text/javascript'> const lazyloadRunObserver = () => { const lazyloadBackgrounds = document.querySelectorAll( `.e-con.e-parent:not(.e-lazyloaded)` ); const lazyloadBackgroundObserver = new IntersectionObserver( ( entries ) => { entries.forEach( ( entry ) => { if ( entry.isIntersecting ) { let lazyloadBackground = entry.target; if( lazyloadBackground ) { lazyloadBackground.classList.add( 'e-lazyloaded' ); } lazyloadBackgroundObserver.unobserve( entry.target ); } }); }, { rootMargin: '200px 0px 200px 0px' } ); lazyloadBackgrounds.forEach( ( lazyloadBackground ) => { lazyloadBackgroundObserver.observe( lazyloadBackground ); } ); }; const events = [ 'DOMContentLoaded', 'elementor/lazyload/observe', ]; events.forEach( ( event ) => { document.addEventListener( event, lazyloadRunObserver ); } ); </script> <link rel='stylesheet' id='e-sticky-css' href='https://sucuri.net/wp-content/plugins/elementor-pro/assets/css/modules/sticky.min.css?ver=3.25.2' type='text/css' media='all' /> <script type="text/javascript" defer="defer" src="https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js" id="slick-js-js"></script> <script type="text/javascript" src="https://sucuri.net/wp-content/themes/sucuriwp/js/navigation.js?ver=1628779856" id="sucuriwp-navigation-js"></script> <script type="text/javascript" src="https://sucuri.net/wp-content/themes/sucuriwp/js/skip-link-focus-fix.js?ver=1628779856" id="sucuriwp-skip-link-focus-fix-js"></script> <script type="text/javascript" defer="defer" src="https://sucuri.net/wp-content/themes/sucuriwp/js/script.min.js" id="sucuriwp-js-js"></script> <script type="text/javascript" src="https://sucuri.net/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.25.2" id="e-sticky-js"></script> <script type="text/javascript" src="https://sucuri.net/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.min.js?ver=1.2.1" id="smartmenus-js"></script> <script type="text/javascript" src="https://sucuri.net/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.25.2" id="elementor-pro-webpack-runtime-js"></script> <script type="text/javascript" src="https://sucuri.net/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.25.4" id="elementor-webpack-runtime-js"></script> <script type="text/javascript" src="https://sucuri.net/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.25.4" id="elementor-frontend-modules-js"></script> <script type="text/javascript" src="https://sucuri.net/wp-includes/js/dist/hooks.min.js?ver=2810c76e705dd1a53b18" id="wp-hooks-js"></script> <script type="text/javascript" src="https://sucuri.net/wp-includes/js/dist/i18n.min.js?ver=5e580eb46a90c2b997e6" id="wp-i18n-js"></script> <script type="text/javascript" id="wp-i18n-js-after"> /* <![CDATA[ */ wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ 'ltr' ] } ); /* ]]> */ </script> <script type="text/javascript" id="elementor-pro-frontend-js-before"> /* <![CDATA[ */ var ElementorProFrontendConfig = {"ajaxurl":"https:\/\/sucuri.net\/wp-admin\/admin-ajax.php","nonce":"d749db2ae0","urls":{"assets":"https:\/\/sucuri.net\/wp-content\/plugins\/elementor-pro\/assets\/","rest":"https:\/\/sucuri.net\/wp-json\/"},"settings":{"lazy_load_background_images":true},"popup":{"hasPopUps":false},"shareButtonsNetworks":{"facebook":{"title":"Facebook","has_counter":true},"twitter":{"title":"Twitter"},"linkedin":{"title":"LinkedIn","has_counter":true},"pinterest":{"title":"Pinterest","has_counter":true},"reddit":{"title":"Reddit","has_counter":true},"vk":{"title":"VK","has_counter":true},"odnoklassniki":{"title":"OK","has_counter":true},"tumblr":{"title":"Tumblr"},"digg":{"title":"Digg"},"skype":{"title":"Skype"},"stumbleupon":{"title":"StumbleUpon","has_counter":true},"mix":{"title":"Mix"},"telegram":{"title":"Telegram"},"pocket":{"title":"Pocket","has_counter":true},"xing":{"title":"XING","has_counter":true},"whatsapp":{"title":"WhatsApp"},"email":{"title":"Email"},"print":{"title":"Print"},"x-twitter":{"title":"X"},"threads":{"title":"Threads"}},"facebook_sdk":{"lang":"en_US","app_id":""},"lottie":{"defaultAnimationUrl":"https:\/\/sucuri.net\/wp-content\/plugins\/elementor-pro\/modules\/lottie\/assets\/animations\/default.json"}}; /* ]]> */ </script> <script type="text/javascript" src="https://sucuri.net/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.25.2" id="elementor-pro-frontend-js"></script> <script type="text/javascript" src="https://sucuri.net/wp-includes/js/jquery/ui/core.min.js?ver=1.13.3" id="jquery-ui-core-js"></script> <script type="text/javascript" id="elementor-frontend-js-before"> /* <![CDATA[ */ var elementorFrontendConfig = {"environmentMode":{"edit":false,"wpPreview":false,"isScriptDebug":false},"i18n":{"shareOnFacebook":"Share on Facebook","shareOnTwitter":"Share on Twitter","pinIt":"Pin it","download":"Download","downloadImage":"Download image","fullscreen":"Fullscreen","zoom":"Zoom","share":"Share","playVideo":"Play Video","previous":"Previous","next":"Next","close":"Close","a11yCarouselWrapperAriaLabel":"Carousel | Horizontal scrolling: Arrow Left & Right","a11yCarouselPrevSlideMessage":"Previous slide","a11yCarouselNextSlideMessage":"Next slide","a11yCarouselFirstSlideMessage":"This is the first slide","a11yCarouselLastSlideMessage":"This is the last slide","a11yCarouselPaginationBulletMessage":"Go to slide"},"is_rtl":false,"breakpoints":{"xs":0,"sm":480,"md":768,"lg":1025,"xl":1440,"xxl":1600},"responsive":{"breakpoints":{"mobile":{"label":"Mobile Portrait","value":767,"default_value":767,"direction":"max","is_enabled":true},"mobile_extra":{"label":"Mobile Landscape","value":880,"default_value":880,"direction":"max","is_enabled":false},"tablet":{"label":"Tablet Portrait","value":1024,"default_value":1024,"direction":"max","is_enabled":true},"tablet_extra":{"label":"Tablet Landscape","value":1200,"default_value":1200,"direction":"max","is_enabled":true},"laptop":{"label":"Laptop","value":1366,"default_value":1366,"direction":"max","is_enabled":false},"widescreen":{"label":"Widescreen","value":2400,"default_value":2400,"direction":"min","is_enabled":false}},"hasCustomBreakpoints":true},"version":"3.25.4","is_static":false,"experimentalFeatures":{"e_font_icon_svg":true,"additional_custom_breakpoints":true,"e_nested_atomic_repeaters":true,"e_optimized_control_loading":true,"e_onboarding":true,"e_css_smooth_scroll":true,"theme_builder_v2":true,"home_screen":true,"landing-pages":true,"nested-elements":true,"link-in-bio":true,"floating-buttons":true},"urls":{"assets":"https:\/\/sucuri.net\/wp-content\/plugins\/elementor\/assets\/","ajaxurl":"https:\/\/sucuri.net\/wp-admin\/admin-ajax.php","uploadUrl":"https:\/\/sucuri.net\/wp-content\/uploads"},"nonces":{"floatingButtonsClickTracking":"2b8879dc4b"},"swiperClass":"swiper-container","settings":{"page":[],"editorPreferences":[]},"kit":{"active_breakpoints":["viewport_mobile","viewport_tablet","viewport_tablet_extra"],"global_image_lightbox":"yes","lightbox_enable_counter":"yes","lightbox_enable_fullscreen":"yes","lightbox_enable_zoom":"yes","lightbox_enable_share":"yes","lightbox_title_src":"title","lightbox_description_src":"description"},"post":{"id":10226,"title":"How%20to%20Remove%20Malware%20%26%20Fix%20a%20Hacked%20WordPress%20Site%20%282023%29%20%7C%20Sucuri","excerpt":"WordPress is the most popular website platform, making it a target. Learn basic WordPress security techniques and actionable steps to reduce the risk of a compromise.","featuredImage":"https:\/\/sucuri.net\/wp-content\/uploads\/2023\/01\/2022_Sucuri_Guide_How-to-Clean-a-Hacked-WordPress-Website-1024x481.png"}}; /* ]]> */ </script> <script type="text/javascript" src="https://sucuri.net/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.25.4" id="elementor-frontend-js"></script> <script type="text/javascript" src="https://sucuri.net/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.25.2" id="pro-elements-handlers-js"></script> <script> // Define the container ID const containerId = 'firewall-container'; // Get the container element const container = document.getElementById(containerId); // Function to toggle the state function toggleRadioButtonsInContainer() { if (container) { // Check if the radio buttons are inside the container const firewallInput = container.querySelector('#firewall'); const platformInput = container.querySelector('#platform'); if (firewallInput && platformInput) { // Make the 'firewall' radio button checked and set aria-checked to true firewallInput.checked = true; firewallInput.setAttribute('aria-checked', 'true'); // Make the 'platform' radio button unchecked and set aria-checked to false platformInput.checked = false; platformInput.setAttribute('aria-checked', 'false'); } else { console.warn('Radio buttons not found inside the container.'); } } else { console.warn(`Container with ID '${containerId}' not found.`); } } // Call the function to toggle the state toggleRadioButtonsInContainer(); </script> </body> </html>

CINXE.COM

How to Remove Malware & Fix a Hacked WordPress Site (2023) | Sucuri