Identifying, Removing, and Preventing Malware on Your WordPress Site


If your site has been infected, it is generally because some vulnerability has allowed a hacker to take control of your site. The hacker may change the content of the site (for example, to add spam), or add additional pages to the site, usually with the intent of phishing (tricking users into parting with personal and credit card information). Alternatively, they may inject malicious code (malware)—for example, scripts or iFrames that pull content from another website that tries to attack any computer that views the page.


The term “malware” covers all sorts of malicious software designed to harm a computer or network. Kinds of malware include (but are not limited to) viruses, worms, spyware, and Trojan horses. Once a site or computer has been compromised, it can be used to host malicious content such as phishing sites (sites designed to trick users into parting with personal and credit card information). Some hackers may even take administrative control over a hacked site.

If your site is listed as badware by Google or another StopBadware data provider, follow the steps below.


Clean & secure your website

Your website could have badware, even if you don’t know it!

Read detail guide to cleaning & securing your website.

Check your site

After cleaning your site, scan it with following free tool to make sure you haven’t missed anything.

1. Google Diagnostics

2. Unmask Parasites
Security Check

3. Rex Swain’s HTTP Viewer
See exactly what an HTTP request returns to your browser

4. Sucuri SiteCheck

Fully free and open, check multiple pages for malware, spam, and defacement.

5. Services and tools for analyzing malicious URLs

6. soswebscan
soswebscan is free online website scanner to identify iframe badware

Request a review

You’ve scanned your site, and everything looks clean. It’s time to request a review.

If Google is the only data provider listing your site:

You can request an automated review through Google’s Webmaster Tools. This is the fastest way to get your site removed from Google’s list.

To request a review through StopBadware, find your site in our Badware Website Clearinghouse. Then, click “Request an independent review of data providers’ findings.” Fill out and submit the form.

About malware and hacked sites (from Google help)

  • If your site is infected: How to clean up a hacked site.
  • Preventing malware infection: Best practices for avoiding infection in the future
  • Requesting a malware review: Once you’re sure that all spam and malicious code has been removed, you can ask Google to review it. Google will check your site and, if it’s now clean, will remove any warning label that appears in your site’s listing on the search results page.
Leave a Reply

Your email address will not be published. Required fields are marked *

Sign Up for Our Newsletters

Get notified of the best deals on our WordPress themes.

You May Also Like