How to Remove Virus/Malware from Hacked WordPress Website for FREE using WordFence Plugin Tutorial

Captions
Halperin Sam Nash it from block to command. Today in this video I'll show you how to remove viruses and malware from your WordPress website for free. Now, there are many websites in which malware and viruses are present, and the unfortunate thing is that the website owner doesn't even know that. So today in this video I'll teach you how to scan your website for viruses and malware and how to remove them. Now, just to create this video I had to purposely get malware on my website, so for that I just installed a nulled theme and all the viruses were on my website.

So first let me tell you about a few of the precautions that you could take to avoid your website getting infected with malware. First of all, make sure you host your website on a nice, reputed, A1, first-class hosting company. Very, very important. If your website is hosted on some cheap hosting platform, obviously there are very high chances of your website getting infected with malware and also your website getting hacked. So make sure you use a nice, reputed hosting company. That would be really good for you: it will make your website safe and secure, and it will also improve the website speed and performance. Now, personally I am using SiteGround and that is what I recommend, so you'll see a link in the video description below, the SiteGround link. That is a discount link; you can click on that link and just go with SiteGround. Now, the great thing is that they also provide website migration for free, so if you have an active website and you want to migrate to SiteGround, they can do it for free.

The second precaution would be to use the least amount of themes and plugins possible. Make sure you have only one active theme in your directory. Just let me show you that. If you go to your dashboard you'll see at the left-hand side this Appearance option; click on that. Now here, make sure you have only one theme activated, only one theme downloaded and activated. If you have some extra themes over here that you are not using, make sure you
delete that. Very important. The second thing is to try to use the least number of plugins possible. Don't use many different plugins. People just download and activate many different plugins on their website. Make sure you try to use the least number of plugins possible, and try to use only those plugins which have a very good rating, popular plugins, like plugins which have around, you know, 500,000 or a million installations and a nice, good rating, a four-plus rating, or try to get a five-star rating plugin.

The third precaution would be to update your themes and plugins frequently. So whenever there is an update for the plugin or the theme, make sure you get that update. Very, very important.

And the fourth precaution that I would give you is: don't use nulled themes. You know, there are many different plugins and themes, there are many different websites on the internet that say that they will provide you free themes and free plugins. People just go, they want to save some money, they download that, and after that this thing happens. In fact, as I said in the beginning of this video, in the introduction, I purposely got my website infected with malware. So the way I got my website infected with malware purposely was to just install a nulled theme and a few nulled plugins on my website, and here it is: we have all the viruses and malware on my website. So these were the four precautions that I think you guys could take so that your website does not get infected by viruses and malware.

All right guys, so enough of talking. Now let's see how we can first scan our website. So first of all, to scan your website, whether there is some malware, some virus on your website or not, you can go to Google and type in this thing, "Sucuri website scanner" or just "Sucuri scanner", S-U-C-U-R-I. You'll see this first link, sitecheck.sucuri.net. You can just simply go to this website, sitecheck.sucuri.net. Now enter your website link over here. So just let me copy the website link
from here, let's paste it over here and click on Scan Website. Now, as you can see here, this thing is at maximum, which means that I have a lot of malware on my website. So this is a very bad and very dangerous thing. At the bottom also you can see over here that on this page, on all these pages, malware was found, and so on, and you get this message: your site is hacked and needs immediate action, or attention. So you can see from here that your website is hacked or your website is infected with malware. You might sometimes see low, medium or high, whatever, it depends.

Now, this is the basic way of just finding whether the website is infected with malware or not. The other way that I would recommend you to do, in fact that is the thing that we have to do: you have to go back to your dashboard, now hover over Plugins and click on Add New. We want to add a new plugin, so that plugin will help us to scan the website for malware and also to remove the malware and viruses from the website. Now here you have to search for Wordfence, W-O-R-D-F-E-N-C-E. Now this is the plugin, Wordfence Security, firewall and malware scan. Now, as you can see, just a few moments ago in the precautions I said that you have to use a nice, reputed plugin. So as you can see, this plugin has got three million plus active installations and thirty-four hundred plus five-star ratings, so make sure you use plugins like this. Okay, make sure to always check these things before installing any plugin, and also check this thing: when was this plugin updated? So this was updated just a few weeks ago, and some plugins are updated every single day, so make sure to use those kinds of plugins. And also it says this plugin is compatible with your version of WordPress. Now make sure to install and activate this. So instead of this thing you'll see a button like this, an Install Now button. Make sure to click on that Install Now button. After it is installed you will see an Activate button; click on that Activate button. Once
you install and activate that plugin, you will see a new tab at the left-hand side. So you can see at the left-hand side bottom a new option is available over here, Wordfence. Hover over that and click on Scan. Now you'll see this kind of page. You can simply click on this button, Start New Scan, and it will scan it, but what I would recommend is to first change the scan type. So you'll see this link, Manage Scan; click on that link. Now by default this one is selected, Limited Scan. We have to select this one, High Sensitivity. Now scroll down and make sure everything under General Options is tick marked. After that you'll see this option, Performance Options. Tick mark this thing as well, "Use low resource scanning". So if you tick mark this thing, what happens is that to scan your website, your website will use very limited resources. So that would be good for you, because if you use a very high amount of resources on your website, your hosting company might take some action against you. So make sure everything that you see on your screen is tick marked, and after that click on Save Changes.

After that you can come back, so again under Wordfence you can click on Scan. Now you'll see something like this. Make sure scan type Custom is selected. Okay, Custom should be selected over here. Now you can click on this button, Start New Scan. I have already scanned it, that's why, as you can see, the results are showing over here at the bottom. It will scan these things: it will scan your server state, your file changes, malware scan, content safety, public files, all these things. Okay, so you have to click on this button, Start New Scan. It will take around 5 to 10 minutes, or sometimes even more than that, so just wait for that time.

Once it is scanned you'll see something like this. So if your server state, everything, is fine, you will see this tick mark. In file changes, as you can see, we have some problem, which means that some of the files were changed. We will see what files
were changed and how they got changed. Then on malware scan also we have a problem. As you can see, we have this sign, which means our website has some malware. After that, content is fine, public files is also fine, we have a strong password, which is also fine.

Now let's see the results. You'll see a few results at the bottom. A few colors will be there. At the bottom, three things are this medium orange color, so these are very simple things, you can just ignore them, because they are just telling you to update the plugin. Okay, so if your plugin has a latest update, make sure you update the plugin. The problem is these red signals, red files. As you can see, these are all red, this dark red or maroon color, so these are the problems.

So let's start from the top. The first option, or first problem, is that this file appears to be malicious, and this file location is given over here: it is under wp-includes and the file name is post.php. Now when you click on this file you'll see some more details. So it says, in details, that this file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it, or you can exclude it, so whatever. Now there are three different options over here: View File, View Differences, Mark as Fixed. You can click on this View link to view that file, how that file looks, so you will see the exact PHP file. The second option is to view the differences. So there are a few files that are present on the website, and what these hackers do is they infect some things, or they write some code, some PHP code, on that file and they will install malware on your website. So that is exactly what is happening over here. So here, as you can see, when you click on this button, this is a very important button, View Differences. So you will see the original file should look like this. Okay, if you don't know anything about PHP don't worry, I'm just trying to explain it in more detail so
that you can understand everything. So here, as you can see, it should look something like this, but here we have some extra thing over here, and that extra thing is highlighted with this orange color. I don't know if you can see that or not, but if you see that on your website, this extra thing is highlighted in orange color. We have to delete this extra thing. We have to get rid of this extra code which is present over here, which should not be present on this page or in this file. So let's see how we can do that.

So for that you have to go back to your cPanel. Now if you're using SiteGround you can go to ua.siteground.com and you will see your cPanel. Click on My Accounts; here is the button, Go to cPanel. Click on that button. So whatever hosting company you're using, just go to the cPanel, and here you have to search for File Manager. Every single cPanel, every single hosting, will have this option, the File Manager option. Click on that. Now from here you have to select the document root that you are trying to use. So basically you have to select the website that you want to use or that you want to visit. If you have multiple websites you get this option, so I will select block do.com. Select this option and click on Go.

All right, now you should see a new page like this. From here also you can open that file. As you can see on this page, from the left-hand side you'll see all your different websites. So here is block do.com; I'll click on that. Now, one very important thing to note here is that I am getting this option, or I'm getting this folder, block do.com, because I have many different websites. As you can see, there are many different folders for different websites. But if the domain that you're using is your main domain, which means that is the only domain, basically that is the only website that you use, then instead of selecting block do.com you have to select this option,
public_html. You'll see this file, public_html. Select this file and do all the changes that I'm going to show you right now in this file, in this folder, the public_html folder. If you don't see any folder by your website name, again I am saying, if you don't see your website name in any folder like I am seeing, like crazy fashion dot in or whatever it is, block do.com, anything like that, if you don't see any folder like that, make sure to select this option, public_html. In fact I think this is the option that most of you guys should be selecting, public_html, because most people just use this thing on only one website. So make sure to select public_html from here, and if you want to use this on some other website that you have hosted on the same hosting, then select that website's folder.

And now let's search for that file. You can see that file location from here, file name wp-includes/post.php, which means that there is some folder in our directory called wp-includes, and in that folder this file is present. So let's find that. Let's see, wp-includes, here it is, wp-includes, this is the folder. Double-click on this folder and let's search for this file, post.php. So let's scroll down to P, and here it should be, here it is, post.php. Now what you can do is select this thing and click on this button at the top, the Download button. Click on that button and a new file will be downloaded.

Now, to open this file there are many different software options available. What I would recommend you use is Sublime Text; search for Sublime Text 3. This is free software that you can use to open PHP files. You can open it using Notepad, which is already present on your computer or laptop, but this software is a much better option, so I would recommend you use Sublime Text 3. Free option, very good option. Now let's open this. So simply click
on this post.php and select any software that you want to use. You can select Notepad to open this file; I am selecting Sublime Text. Select this thing and click on OK.

All right guys, so this is how the page looks. Now don't get confused, don't worry, everything is very, very easy. Just calm down and follow my instructions. I know when people see this code they just lose their mind, but don't worry, everything is very, very easy. Let's go back to the differences page. Okay, when we click on this View Differences we get this option. Now you will see this thing is highlighted. Okay, which means that this is normal: you should see this statement first, the PHP statement, and after that you should see this. But here is the problematic or modified version. So here, after this thing, we have some if statement, so "if" and all these things. So this is one or two lines; we have to get rid of these two lines. So if you open this file you'll see this is the line that we have to get rid of, from "if" till here. Okay, let us select this much and delete it. All right, so it is deleted. Now we can just press Ctrl+S to save the file. The file is saved. Now let's see whether it looks similar to this one. Okay, so we have PHP here, we have PHP here, and after that, you can see, now it looks very much similar to this thing.

And once you save it, what you can do is, let me first bring it over here, yeah, you can come back to this page, your File Manager page. Now you can upload this file that you just downloaded and modified. So click on Upload, Select File and go to Downloads. This is the file, post.php. This is the file we downloaded, and we deleted that line. Now we can select this modified version and click on Open. It will be downloaded, and this will ask you whether you want to overwrite this thing. Yes, we want to overwrite it, so select this and click on Yes. Okay, uploaded successfully. Now let's come back over here, so click on this link, "go back to", whatever link it is. Now what you can do is you can come back
to the differences page and refresh it. Now we should see everything normal. Refresh it: everything looks fine. Okay, we have PHP, in this also we have PHP, so there are no changes over here, which means that we have fixed this file.

Okay, now let's move on to the other file, or other problem. So I'll cut this thing and come back to this page. We have fixed this thing, now let's move on to the second one. This is the one, "file appears to be malicious". Now this is very simple. Again in wp-includes we have one file, wp-tmp. We don't need this file; this is a malware or virus file, so we don't have to make any changes, we can simply delete this file. So let's come back to the File Manager again and let's search for wp-tmp.php. Let's scroll down; at the bottom you will see this file, as you can see, wp-tmp.php. Select this file and from the top select Delete. Now make sure you select this option, "Skip the trash and permanently delete the files", and click on Confirm. Okay, that wp-tmp file is gone. Now if you are doubtful whether that file is deleted or not, you can click on this and click on View File. Let's see what happens. Okay, now as you can see, we could not open the file for reading, which means that file is not available. All right, so this was quite easy.

The other file is also very simple to get rid of. This is wp-vcd.php. So this file is also not included in the WordPress core files; this is also a malware or virus file. We can just delete this file. So it is wp-vcd.php. Again come back to the cPanel, come back to the File Manager. This is the one at the bottom, wp-vcd.php. Select that and click on Delete. Now again, skip the trash and permanently delete the files, and click on Confirm.

Now if you're not sure about any file, whether we can simply delete that file or we have to keep that file, what you can do is copy the file name, so I am just copying this much, go to Google and type in this file name. You'll get some
options. As you can see, the first link itself says that this is a malware attack, as you can see, "malware attack", and we have to get rid of this file. So you have to do some extra research if you want to get rid of all these options.

Okay, now the third option is that we have some changes in the functions.php file. Now the functions.php file is a core WordPress file. It is not, you know, a virus or a malware file, but this file is infected. The hacker has injected some backlinks or something like that in this file. Let's see what that problem is. Click on this, again click on this button, View Differences. All right, now as you can see, the hacker has infected this piece of code. Okay, a very big piece of code, you can see from here, from this if statement to line number 184, till this PHP statement. So we have to get rid of this. So basically, very simple: we have to just start from here, the PHP statement, and we have to see this thing, "Theme functions and definitions", and above that, whatever we see, we have to delete.

So let's open this file. This file's location is given over here: wp-content/themes/oceanwp/functions.php. So let's go to that file. Go back to your File Manager. Now we have to come back, so click on Back, again click on Back. All right, now first make sure you are under your website name, block do.com or whatever your website is. After that we have to go to wp-content, so here it is, wp-content; double-click on this folder. Then we have to go to themes, so let's open the themes folder, this is the one. Then after that we have to go to oceanwp; let's open that oceanwp folder. After that we have to open this file, functions.php. Again, what we'll do is search for that file first of all, and that is over here, functions.php. Just click on that file and download it. Once downloaded, let's open it, and you can see the code at the top. Okay, this is the simple statement, and after that
this if statement, okay, till here. So here also you can see around 184 lines, till line 184. Okay, and if you see the differences page also, from line 2 till line 184, as you can see, this piece of code is an extra piece of code, which is marked green. We have to delete this much, and we have found that thing over here, till line 184. Okay, now what we can do is select this much and delete it. Now you should have only this much, PHP, and after that you should have this star and "Theme functions" and everything. Again make sure to press Ctrl+S to save the file. Again come back to your File Manager and upload this file. Just upload it: select this functions.php and upload it. Again it will ask you to overwrite it; make sure you click on Yes. Once it is overwritten, go back to that link. All right, now again let's come over here and refresh this differences page. All right, now as you can see, there is no difference, everything is fine, we don't have any piece of code over here. So this file is also sorted.

The next file is again post.php, and I think we have fixed that, but let's see. Again click on View Differences. All right, so we have fixed this, we don't have any problem over here, that's fine. The next option is, we also have deleted this thing, wp-vcd.php, but just to be extra sure about that let's click on View File. Now as you can see, this file is not present. We have also deleted wp-feed... I think we have not deleted it. Let's see: wp-includes, wp-feed. So come back to this page, click on Back, Back. Now let's open this one, wp-includes, go to the bottom, and okay, we haven't deleted it, wp-feed.php. So let me see whether this file is deleted or not. When we click on View File we can see there is some file, so we haven't deleted it. So we'll come back over here, we'll select this wp-feed.php and click on Delete. Okay, now here select this option, "Skip the trash and permanently delete the files", and click on Confirm. That file is gone. Now when we come over here and again click on View File, now
as you can see, this file is also not present; this is deleted. All right, and after that I think we have deleted this wp-tmp. Let's see. Yeah, we have deleted it. And after that we have another problem, I think in functions.php. Let's see, View Differences. Okay, we have fixed that as well; functions.php, we have fixed that. Now these two things are not very important. They are just saying to update the plugin, that there is an update available for this plugin, JetElements for Elementor, and there is an update available for Elementor Pro. So we don't have to worry about this thing.

Now just to be extra sure, what you can do is start a new scan, so let's do that. Now, because I'm starting a new scan, this is going to take some time, so I'll pause it, and when this scan is over I will show you what the result is.

All right guys, now as you can see, the scan is done and everything is fine over here. Now everything is tick marked, which means that everything is fine: server state is fine, file changes fine, malware is now no more present, content safety, everything is fine. Only this thing is a problem, and that, I explained to you earlier, is not a big problem; you just have to update your plugins. So you can just go to Plugins, click on Plugins from the left-hand side and just update. As you can see, Elementor Pro and JetElements for Elementor have new updates; make sure to update them. So that was the only problem that was happening over there.

Now again we can go to this website, sitecheck.sucuri.net, to check this website. But if you try to do the same scan on the same website, it will again show you that it is still infected. So what I would recommend is to just copy this website link and open it in a new incognito window. This would be a much better option. Now let me copy the block dude link, paste in that link and click on Scan Website. All right guys, now as you can see, everything is now normal. We don't have any risk, we don't have any malware, nothing is
found over here. So we have successfully removed malware and viruses from our website, and this is how you do it.

Now I hope this video was helpful for you. If you find this video helpful, make sure to subscribe and click on the bell icon, give a thumbs up to this video, and share it with your friends and family on Facebook and Twitter. I would really appreciate that, and it would also help many people. There are many, many websites that are infected with these viruses, and people are not able to get that thing done; they are not able to delete these things, they are not able to remove them. So even if you just share this video with your friends on Facebook and different platforms, it will be very, very helpful for other people. All right guys, so thanks a lot for watching this video. See you in the next video.
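
The two kinds of finding walked through above (a core file such as wp-includes/post.php whose contents changed, and files such as wp-tmp.php, wp-vcd.php and wp-feed.php that WordPress never shipped) can be told apart offline by hashing the live install against a clean copy of the same WordPress release. The following is an added example, not part of the video and not Wordfence's code; the function names, directory layout and file contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Directories that contain only files shipped with WordPress core.
CORE_DIRS = ("wp-includes", "wp-admin")


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(clean_root: Path) -> dict:
    """Map relative path -> SHA-256 for every file in a clean copy of the release."""
    return {
        p.relative_to(clean_root).as_posix(): sha256_file(p)
        for p in sorted(clean_root.rglob("*"))
        if p.is_file()
    }


def audit(site_root: Path, manifest: dict) -> dict:
    """Compare a live install against the manifest.

    modified: core file whose content differs from the clean copy
    unknown:  file inside a core-only directory that the release never shipped
    missing:  core file absent from the live install
    Files outside CORE_DIRS (themes, plugins, uploads) are not judged here;
    they need a clean copy of that theme or plugin as their own baseline.
    """
    report = {"modified": [], "unknown": [], "missing": []}
    seen = set()
    for p in sorted(site_root.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(site_root).as_posix()
        if rel in manifest:
            seen.add(rel)
            if sha256_file(p) != manifest[rel]:
                report["modified"].append(rel)
        elif rel.split("/", 1)[0] in CORE_DIRS:
            report["unknown"].append(rel)
    report["missing"] = sorted(set(manifest) - seen)
    return report


def demo() -> dict:
    """Build a constructed clean tree and a constructed tampered tree, then audit."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        core = {  # constructed stand-ins for real core files
            "wp-includes/post.php": "<?php\n/** Core Post API */\n",
            "wp-includes/feed.php": "<?php\n/** Feed API */\n",
            "wp-admin/index.php": "<?php\n/** Dashboard */\n",
        }
        for root in (clean, live):
            for rel, body in core.items():
                f = root / rel
                f.parent.mkdir(parents=True, exist_ok=True)
                f.write_text(body)
        # Constructed placeholders for the findings described in the video.
        (live / "wp-includes/post.php").write_text(
            "<?php\n/* placeholder for injected lines */\n/** Core Post API */\n"
        )
        for name in ("wp-tmp.php", "wp-vcd.php", "wp-feed.php"):
            (live / "wp-includes" / name).write_text("<?php /* placeholder */\n")
        (live / "wp-admin/index.php").unlink()
        return audit(live, build_manifest(clean))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

A modified core file is best restored from the clean copy rather than edited by hand, and the same audit run again after cleanup should return three empty lists.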
Info
Channel: Nayyar Shaikh
Views: 101,431
Keywords: wordpress, wordpress malware removal, wordpress malware, wordpress security, wordpress plugin, how to remove virus from website, how to remove virus from wordpress website, how to remove malware from wordpress site, how to remove malware from website, how to remove unwanted ads from website, wordpress website hacked, wordpress website hacked how to fix, how to fix hacked wordpress site, wordfence, wordfence security wordpress
Id: ISRXLDg6vYo
Length: 25min 37sec (1537 seconds)
Published: Sun Jul 14 2019