In this tutorial, we will see how to find and remove malicious code on your WordPress 6.0 [2022].

Before we get to our topic, let’s take a quick look at how a malware attack can impact a wordpress blog or website:

  • A sudden drop in incoming traffic and SEO rankings – due to your users being redirected to other unsolicited websites or search engines like Google suspending or blocking your website from organic traffic.
  • Loss of customer conversions and revenue for your online business, resulting from loss of SEO traffic or website malfunction
  • Loss of customer records and data from your WP database, due to a data breach
  • Loss of brand trust and customer loyalty, due to a negative experience with your business.

These are just a few of the many ways your online business could be affected. Often the overall business impact of a malware attack on your site can take weeks or even months to recover. So it makes sense for companies to always keep your website free from malware infections.

How to detect and remove malicious code on your websites?

Before you start, we recommend that you make a full backup of your WP installation and database tables. Additionally, download or store your backups in an easily accessible location, from where you can easily retrieve and restore your backup to your website installation. To do this, you can use an automated backup plugin like BlogVault.

Mainly, for malware detection and removal, you need to perform the steps below:

  1. Perform a full scan of your website for any malware.
  2. Remove the malicious infection from your WP database and installation.
  3. Perform the follow-up steps to ensure that your website is not infected with malware again.

Now let’s look at each of these steps in more detail.

Step 1 – Scan or detect any malware on your WordPress site

find and remove malicious code on your site

To complete this step, you can opt for the longer manual method or the faster automatic method to detect malware on your site. Let’s look at each of them.

Malware scan using automatic tools:

For WP sites, you can select various malicious tools or plugins such as Sucuri or MalCare. For example, Sucuri has the free-to-download Sucuri Sitecheck tool, using which you can scan your site for malware.

If you are looking to perform a deep or deeper scan for malware on your site, you can use the paid MalCare plugin for quick detection. Another benefit of using this plugin is that it can also remove any malware if found on your site at no additional cost.

In the event that your website has been suspended or blacklisted, you can use the Google Transparency Report to find out the reason for the blacklist and then take appropriate corrective action.

Manual scan for malicious codes:

For manual malware scan of your WP installation and database, you need to open and check each of your backend files or folders usually targeted by hackers. These typically include critical files such as Core WP files, as well as configuration files and database tables.

Here are some of the targeted WordPress 6.0 backend files and folders:

  • wp-content folder
  • wp-config.php file
  • .htaccess file

We recommend that you individually check if any of these files or folders have been recently modified using their timestamp.

By any of these methods, if you detect malware on your website or database, proceed to the next step.

Step 2 – Remove malware from your WP installation

Manually removing malware from your WordPress site is a two-step process, including:

  • Cleaning infected files.
  • Cleanup of hacked database tables.

Before performing these steps, make sure you have the latest site backup or a fresh copy of WP (downloaded from the WP Repository) with the same version as your current installation.

At the same time, make sure not to overwrite your wp-config.php file or the contents of the wp-content folder during the manual process.

Here’s how to clean your infected files:

  • Launch any FTP tool like FileZilla and login to your WordPress 6.0 installation using your FTP credentials.
  • Identify infected backend files or folders and replace them with the cleaner and the corresponding file or folder – from your backup or downloaded copy.
  • If you customized any of the installation files, you should open each of the custom files and check for any suspicious code. If found, manually remove them from each file.

Next, here’s how to clean up your database tables :

  • Login to your database administration panel and search for spam keywords or links in each of your database tables.
  • Manually delete all records with suspicious entries or drop the entire table.

This manual scanning and cleaning process is effective for standard or common malware attacks. However, hackers are constantly innovating and coming up with clever ways to infect WP files, in which case this manual method may not be sufficient and effective to remove the malware.

Compared to this manual process, automatic malware removal is much less technical and more thorough.

This effectively removes all malware from your installation files and database tables.

Once you have implemented step 2, you can ask your web host to restore your website to normal.

Step 3 – Make sure your website won’t be hacked in the future

Scanning and removing malware from your website doesn’t mean the job is done. You also need to make sure that it won’t be hacked in the future.

secure wp

To secure your website against future attacks, here are three follow-up measures you can implement for this step:

  • If you used the manual process to remove malware, it’s a good idea to download and reinstall a fresh version of WP – with each of your plugins/themes installed. If you are using an old or outdated version, update it to the latest version available which contains all the latest patches and security patches.
  • Reset all your user passwords to prevent attacks like the brute force attack, which targets your login page. As a security measure, enforce the use of strong passwords of at least 10 characters. Make sure all of your users use unique usernames. Also, limit the number of users with “administrator” (or admin) rights.
  • Run another malware scan on your cleaned website and database to check for any hidden malware (also known as backdoors). Backdoors contain malicious code that can infect your website in the future. Since it is not easy to detect backdoors, you need a powerful backdoor scanner tool that can search every installation file and database record and then remove the backdoors permanently.
  • Finally, the most effective measure you take to prevent future malware attacks is to install a security tool on your site. Among all of them, we recommend you to go for MalCare or Wordfence as their advanced algorithm detects even the latest malware and is also effective against hidden backdoors. They also have a built-in web application firewall that can also block unauthorized IP requests from suspicious IP addresses, thus effectively hardening your website and blocking future attacks.


Experiencing a hacked website over and over again is unfortunate, but it’s not the end of the world. We hope that by following the steps mentioned above, you will be able to clean up and restore your hacked website. The first change to make is to recognize website security as an important part of your WordPress maintenance tasks.

Although we have discussed both manual and automatic methods to scan and remove malware from any website, we suggest you choose the automatic methods. This is because manual scans and cleanups require a considerable investment of time and effort. The security plugins are designed exclusively for WordPress and combine several security best practices into their competitively priced offerings.

Do you have other security issues? We would love to hear from you. Good luck!

If you liked this article, please subscribe to our reddit community to discuss it. You can also find us on Twitter and Facebook.

Tagged in:

About the Author

SAKHRI Mohamed

The blog of a computer enthusiast who shares news, tutorials, tips, online tools and software for Windows, macOS, Linux, Web designer and Video games.

View All Articles