WordPress Training Titans in Ireland

WordPress Virus Cleaning Service Forensics

Your content is kept in the WordPress database, so you should back that up first.

The database points to images in the uploads folder within your wp-content folder, to your active theme, etc.

If you have downloaded and run a WordPress plugin or theme, or your website gets infected, and you are struggling to identify the location of the infection, one very common place to look is the plugins directory.

Remove any and all plugins/themes that you can possibly afford to get rid of, and make sure everything else is up to date with the latest versions.

Don’t deactivate themes or plugins. Delete them.

Re-upload all the core WordPress files, and do the same for your themes and your plugins, replacing the current files with the fresh copies so that any vulnerable files are replaced.

What most people don’t realise is that you have the option to disable the plugins directory. Don’t be fooled by the use of “disable”; it simply means you can’t use the plugins.

One very easy way to do this is to rename the directory: rename the plugins folder to plugins.backup, or simply put a 1 in front of the directory name (1plugins). This effectively comments the directory out.

This will kill all your plugins, making them useless to your website. At this point, see if the infection is tied to the plugins. If this is the case, another very good trick is to narrow down the infection further by disabling one plugin at a time.

Yes, this works and it’s very easy to do for novices.

Note: renaming your plugins folder is not going to hurt your site. When you remove the new name and reset the folder to its default name, the site will be fully functional again.

If you disable plugins and the infection is still present, then you know it’s in one of the following: core files, theme files, or the database.

Of course, you will also have to check your uploads folder, which is within the wp-content directory (folders and directories are the same thing). These viruses sometimes place files there to regenerate the virus, e.g. _cache.php. Search every folder for every month within uploads, deleting as you go. The general rule of thumb is that there should NOT be anything within your uploads folder that is not an image, such as an executable .php file.

The .htaccess file is another target for hackers and redirects.

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

This is a proper WordPress .htaccess file.
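The uploads check and the .htaccess comparison described above can both be scripted. The following is an added example, not part of the original article; the function names, the list of script extensions and the sample files are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original page). Report-only: nothing is deleted.

# Print files under an uploads directory that are not plain media:
# script-like names, stray .htaccess files, or any file holding a PHP tag.
find_suspect_uploads() {
    {
        find "$1" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
            -o -iname '*.phtml' -o -iname '*.phar' -o -iname '*.php.*' \
            -o -name '.htaccess' \)
        # Catches PHP hidden behind an image extension, e.g. logo.jpg.
        grep -rlF -e '<?php' "$1" 2>/dev/null
    } | sort -u
}

# Print .htaccess lines that are not in the stock WordPress block shown
# above. Blank lines and the usual IfModule wrapper are ignored.
htaccess_extra_lines() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1" |
        grep -vxF \
            -e '# BEGIN WordPress' -e '# END WordPress' \
            -e '<IfModule mod_rewrite.c>' -e '</IfModule>' \
            -e 'RewriteEngine On' -e 'RewriteBase /' \
            -e 'RewriteRule ^index\.php$ - [L]' \
            -e 'RewriteCond %{REQUEST_FILENAME} !-f' \
            -e 'RewriteCond %{REQUEST_FILENAME} !-d' \
            -e 'RewriteRule . /index.php [L]' || true
}

# Constructed sample site so the example runs offline.
demo=$(mktemp -d)
mkdir -p "$demo/wp-content/uploads/2024/01"
printf 'GIF89a' > "$demo/wp-content/uploads/2024/01/photo.gif"
printf '<?php /* constructed */' > "$demo/wp-content/uploads/2024/01/_cache.php"
printf 'GIF89a<?php /* constructed */' > "$demo/wp-content/uploads/2024/01/logo.jpg"
printf '%s\n' '# BEGIN WordPress' 'RewriteEngine On' 'RewriteBase /' \
    'RewriteRule ^ http://redirect.example/ [R=302,L]' \
    '# END WordPress' > "$demo/.htaccess"

echo "Suspect files in uploads:"
find_suspect_uploads "$demo/wp-content/uploads"
echo "Unexpected .htaccess lines:"
htaccess_extra_lines "$demo/.htaccess"
rm -rf "$demo"
```

Lines added by caching or security plugins, or by newer WordPress releases, will also be listed by the second function, so review each reported line before removing it.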