If Malware Strikes Your Website

Table of Contents


If you own a website, you may have heard about malicious code. It can be spread in many ways, including email attachments, infected ads on websites, or even visiting sites that host it. When malware infects your site, it can do a lot of things—like steal your user’s data—but the most common reason for hackers to target websites is to use them as launch pads for attacks against other sites or users. This guide will help you clean up a hacked site and make sure it stays secure in the future!

Login to WordPress Dashboard

If you have a WordPress website, login to your dashboard and review the sections below. If you don’t know your login details, contact your host; they will be able to provide them for you.

If any of the following sections looks unfamiliar or if it indicates that something has been changed without your knowledge, then it is possible that malware has infected your site:

  • Dashboard > Settings > General > Other Settings
  • Dashboard > Settings > Reading (or Discussion)

Check Themes, Plugins, and Media Library for Malicious Code

If you don’t know what to look for, hiring a professional is your best bet. If you’re not sure how to fix it, hire a professional. You know what they say about the best defense being a good offense? Well this is true when it comes to security too: The best way to prevent getting hacked is by knowing what to look out for before anything happens.

Because if infected websites are left unchecked and go unnoticed (which they usually do), they can result in more than just slowed performance and frustrating user experience—they could also lead down the path of malware infection which could be worse than just slowing down your site speed or annoying users with ads popping up all over their screen! So make sure that before anything happens, your website undergoes regular checks and balances so that everything stays secure and safe no matter what kind of threats there may be lurking around online today!

Perform a Complete Backup of Your Website Before You Move Forward

  • Perform a Complete Backup of Your Website Before You Move Forward.
  • Backing up your website before you start the clean-up process is an important step in protecting yourself from further damage. We recommend using our WordPress backup plugin or another service that performs automated backups on a regular basis. These services allow you to restore your website if you ever have an issue with malware or other attacks, so it’s important to keep them up-to-date and safe from being deleted by malware as well.* It may seem like overkill at first, but having backups stored somewhere else (like on GitHub) will make it easier for you to restore your site if something happens during the clean-up process.* Restoring Your Site After Cleaning Up Malware
  • Depending on how much data has been lost due to malware infection, restoring your site might be similar or different than installing one from scratch (with plugins and themes). If the website content has been corrupted but not deleted completely then try restoring from backup files created before April 12th 2017 when we released new code changes that prevented certain types of attacks like this one. Once restored into its original state – meaning pre-malware infection – reimport all of its old posts through WP Migration DB Importer plugin.* If all else fails…

Remove Malicious Code from your Themes, Plugins and Media Library

You should also remove any malicious code from your themes, plugins and media library. You can do this by using a website malware scanner to find the code and then removing it manually or by asking for help from a website security expert.

Clean up Database Tables

  • Use phpMyAdmin to clean up database tables

If you are a MySql database administrator, you can use the phpMyAdmin interface to search for and remove malicious code from your website’s databases. If not, hire a MySql database expert to do this for you.

Notify Google that you’ve removed the malware from your website

If you don’t notify Google, the malware can continue to cause problems for your website. Google will not remove the malware from your website if it doesn’t know about it. You should not contact Google with general questions or questions that could be answered by another source without first attempting to resolve the issue yourself. If you do not believe hiring an expert is worth the cost, at least hire someone who knows what they are doing so that you can be sure that all of this code has been removed before contacting Google.

If your website gets hacked, these steps will help you get rid of the malicious code.

  • If you have a backup, restore the website to its state before the hack.
  • If you don’t have a backup, it’s time to start cleaning up your website manually by removing all malicious code from files and database tables.
  • You can use Google’s Webmaster Tools and see if anything is flagged as suspicious on your website.
  • Make sure that everything is working properly after removing malware so that you can notify Google of this change in status.


If you’re experiencing problems with your website and suspect that it may be infected with malware, there are a few steps you can take to check for malicious code and remove it. The first step is to log in to your WordPress Dashboard (as an administrator) and check whether there are any errors in the logs or wp-config file. If there aren’t any errors but something does seem off about your site, then it might be hacked. In this case, we recommend performing a complete backup before moving forward so you don’t lose any important data from previous posts or pages when removing malicious code from themes, plugins and media library folders on server level.

Share this post with your friends

Subscribe to our Newsletter

Your email is only used for our weekly Web Design & SEO Blog. We hate spam too.

They Chose MBDEV!
Scroll to Top
Don't Leave! We Have a Deal for You!

Revamp Your Existing Website for Only $750!

As a leading name in small business networks, we strive to help our communities flourish. That’s why we’ve created this limited-time offer just for local companies like yours.

Promo is limited – claim your 80% off website revamp deal today before it expires and recieve AI Local SEO as a bonus!

Be the envy of your competitors with a one-of-a-kind online presence. Seize this exclusive opportunity to take your business to the next level now!

* Offer valid for Southcoast, MA only. Must have a existing website. Up to 10 pages per revamp. From scratch sites %50 off.