How to permanently remove the malwares on your WordPress site?

how I permantenly remove this malware notification

Securing your website from Malware, do I need to care?

For sure, you’ll do if you see this warning. The struggle is insane, I’ve been searching a long time how to permanent remove malware on WordPress. I found some tutorials but suddenly, it keeps coming back until I found out the solution.

For more information, check the Sucuri Scanner – www.sitecheck.sucuri.net/results/www.bookwormhead.com

What happen if there’s a malware on your site?

Nowadays, hackers are getting stronger and they used to hack sites that are poorly maintained and outdated. They usually inject malicious files making your site blacklisted to search engine like Google. If this happen, you will be invisible to search result. Worst thing, they can steal confidential information making yourself and your customers unsecured. Sounds scary? That’s the truth!

Most of the codes are weird .php and .json that’s not included in your WordPress core e.g

idi123.php
wp-signups.php
error405.php

This crazy codes are the reason why your visitors are staying away from you. Some injections really dive in to your core files like wp-settings, wp-config. You can figure out the malicious code because you can barely understand its meaning like <script>89sakjda)))s9 </script>. For wp-config, they usually appears in the comment section and sometimes they are also injected to your theme header.

Anyway, I would be happy to break down the steps to stay away from hijackers.

Steps how to remove malware on WordPress – Proven and Tested

Make your website CMS platform, extras and software up to date

A new CMS version usually take few months to be available and it is significant to keep your files updated to have a good business experience.

Updating your website is easy to do however you need to be cautious as well for some unexpected error due to incompatibility.

Secure Your site

Having an updated version is not enough, you need to secure it and make sure that hijackers cannot enter to your website.

Scan your WordPress using WordFence
Remove the malicious code
Clean your database at adminphp
Change your cpanel password.
Prevent brute-attacks
Use a two-authentication process to login
Block fake bots
Setup Firewall
Block fake robots and traffic
Hide your CMS Plaform

Peace of advice, don’t take this for granted. A lot of website owners are facing this chaos and they end up redoing a new site and domain.

Here you can create the content that will be used within the module.