How to Remove Malware from Your Website

Malware on a website can take many forms: injected spam links, hidden redirects, backdoor scripts, or cryptocurrency miners. Removing it requires a systematic approach to make sure nothing is left behind.

Step 1: Scan Your Files

Use a malware scanner to identify infected files:

  • WordPress: Install Wordfence or Sucuri Security and run a full scan. These plugins compare your core files against known-good versions and flag suspicious code.
  • All sites: In cPanel, use Virus Scanner under the Security section to scan your home directory.

Step 2: Review the Findings

Scanners will flag files containing suspicious code patterns. Review each finding carefully, because some may be false positives. Common malware injection points include index.php, .htaccess, and theme/plugin files in WordPress.

Step 3: Clean or Replace Infected Files

  • For CMS core files (WordPress, Joomla, etc.), the safest approach is to replace them entirely with fresh downloads from the official source.
  • For theme or plugin files, reinstall from official repositories.
  • For custom files, manually remove the injected code. Malware is often base64-encoded and inserted at the top or bottom of PHP files.
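
To locate injected code in custom files before editing them by hand, the following added example (not part of the original article or any dotCanada tooling) flags lines in PHP files and .htaccess that contain the strings Step 4 names, and reports whether each hit sits at the top, middle or bottom of the file. The names `scan_text` and `scan_tree`, the 200-character encoded-run heuristic, the 3-line edge window and the sample input are all assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

# Strings named in Step 4, plus a long-encoded-run heuristic (an assumption).
PATTERNS = {
    "eval(": re.compile(r"\beval\s*\("),
    "base64_decode": re.compile(r"\bbase64_decode\s*\("),
    "long base64 run": re.compile(r"[A-Za-z0-9+/=]{200,}"),
}
EDGE_LINES = 3  # lines counted as the "top" or "bottom" of a file (assumption)

# Constructed sample: an encoded loader prepended to an otherwise ordinary file.
SAMPLE_INFECTED = ("<?php eval(base64_decode('" + "QUJD" * 60 + "')); ?>\n"
                   + "<?php\n" + "echo 'ordinary template line';\n" * 10)


def scan_text(text):
    """Return (line_number, position, pattern_name) for each suspicious line."""
    lines = text.splitlines()
    findings = []
    for number, line in enumerate(lines, start=1):
        if number <= EDGE_LINES:
            position = "top"
        elif number > len(lines) - EDGE_LINES:
            position = "bottom"
        else:
            position = "middle"
        for name, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.append((number, position, name))
    return findings


def scan_tree(root):
    """Scan .php files and .htaccess under root; return {relative_path: findings}."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and (path.suffix == ".php" or path.name == ".htaccess"):
            findings = scan_text(path.read_text(errors="replace"))
            if findings:
                report[str(path.relative_to(root))] = findings
    return report


if __name__ == "__main__":
    for name, findings in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for number, position, pattern in findings:
            print(f"{name}:{number} ({position}) {pattern}")
```

Run it against a downloaded copy of the site directory and treat each hit as a lead to review, since legitimate plugins also call base64_decode.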

Step 4: Clean the Database

Malware sometimes injects content into your database. Use phpMyAdmin in cPanel to search your database tables for suspicious strings like eval(, base64_decode, or spam links.

Step 5: Prevent Reinfection

Change all passwords, update all software, and enable ModSecurity. If you need hands-on help, contact our support team.
