Easiest ways to remove malware from WordPress Theme

7 steps to remove wp malware

Easiest ways to remove malware from WordPress Theme

Do you know that WordPress is one of the most vulnerable web applications that malware? Almost 70% of a WordPress site is vulnerable to it. According to Wordfence, 9 million sites are affected by hackers and malware. Also, removing malware from a professional developer will cost you a lot. Another important thing is that malware spreads and affects other files too. So, the question arises on how to protect your website from malware for free or how to remove malware from the null version theme and what to do when it is affected. So, today I will some of the easiest ways to remove malware from your WordPress Theme site

But, first of all, we should know, how sites are affected by malware & how can we know that malware is affecting our site. Malware mostly attacks your site when you download any themes or plugins from an authenticated or unknown source(Such as null versions). So, it is recommended to keep away yourself from null versions. Also, you can know the presence of malware in the following ways:

  • Your sites will very slow although you might have high-speed internet.
  • The functions of the sites(backend) may not work smoothly.
  • There will be an error while updating your site (post, media)

Now, let us move on & learn how malware attacks your site.

  • The first method is to, Run a virus scanner into your Cpanel panel which is present in most of the hosting C panel. They will definitely help you to show malicious files such as commonly wp-vcd.php. Mostly malicious files/codes are present in theme function.php[As it is the brain of a script/theme/plugin which controls/functions the other files] files & wp-includes. {Note: Don’t delete the malicious files[function.php] as it will crash the site totally, remember that you have to remove the codes only}
  • The second method is an alternative method for the first one which installing the Wordfence plugin directly to your file manager. This method is useful to those users who don’t have a virus scanner in hosting Cpanel. For installing it directly to your site follow the following steps.

Free from malicious code/malware
Free from malicious code/malware

Login to Cpanel -> Go to file manage -> Download Wordfence plugin from the button given below -> unzip it  & upload it in public_html[your directory]/wp content/plugins -> Activate the plugin your site backend[Normal plugin activation] . As you haven’t deleted the malicious files you will still be able to activate. Then run the scan though it will be a slow process. Wait for a few secs and you will be able to see which files are affected by malware.

  • After that, get a fresh theme{purchased from an authorized seller}.
  • I recommend buying if you don’t know about codes. After that compare or see if there are any extra codes{malicious} just like the image given above. The next step is to remove the codes and your site malware is removed.

Now, what to do if malware affects your WordPress backend[wp-includes/wp-content/wp-admin] files.

The following steps are:

  • Download the latest version of WordPress from this link given below -> unzip it -> go to your hosting file manager -> go to the directory which is affected by malware[ Paths/files shown by virus scanner/wordfence].
  • Next, see whether there are any extra files such as wp-VCD.php files or malicious codes by comparing them with the original downloaded.
  • Lastly, remove the unwanted files and codes. And, it’s done you have successfully remove malware from your WordPress backend.😉



Malware is notorious and multiplies in numbers. They are capable to damage your site completely or erase all your data. So, it is wise to have a precaution beforehand. Precautions to prevent malware such as not using any nulled version themes/plugins, installing wordfence[Not doing for a promotion]. I personally use and suggest wordfence as its totally free and apart from scanning malware it also prevents brute force attacks. Also, keep your site updated with the latest version[themes, plugins, wordpress]. Lastly, don’t forget to subscribe, share & comment if you have any queries. Thank you 😁

For professional malware removal [paid $15- $30) contact [email protected]

Leave a Reply

Your email address will not be published. Required fields are marked *