Here are a couple of plugins I always rely on for identifying and fixing malware on hacked WordPress websites.
Even with these tools, ridding a hacked site of malware and malicious code is not a task for the faint of heart. If you want to leave things in the hands of professionals, I recommend that you trust Sucuri to clean your website and restore it to its former glory.
Sucuri secures your site so that you don’t have to. Through their professional security analysts, Sucuri offers a number of features to protect your site, including malware scanning and detection, malware clean-up, security monitoring, malware prevention and more.
Malcare
This innovative new plugin, from the makers of the excellent BlogVault service, works in tandem with a remote service that relieves your hosting of the processing burden incurred by continuous security scans. The plugin also hardens your site according to current best practices, reducing the risk of you getting infected in the first place.
The included backup service also conserves your hosting resources by using an ingenious “incremental backup” technology, perfected during their years running BlogVault, which only backs up the bits of your site that have not been backed up already.
Your website is continuously monitored, so that even the most complex infections are detected quickly, allowing you to carry out a one-click malware removal before Google or other search engines notice the problem and delist your site. This is the most advanced WordPress security plugin/service so far but we expect the other providers to follow their lead.
MalCare also offers a one-time WordPress Malware Removal Service that will clean your WordPress website in a jiffy.
Wordfence
Wordfence Security is a free, enterprise-class security plugin that includes a firewall, anti-virus scanning, malicious URL scanning and live traffic including crawlers. Wordfence is the only WordPress security plugin that can verify and repair your core, theme and plugin files, even if you don’t have backups.
Wordfence Security is 100% free; however, they also offer a Premium API key that gives you access to their premium support ticketing system along with two-factor authentication via SMS, country blocking and the ability to schedule scans for specific times.
Anti-Malware & Brute-Force Security by ELI
This anti-malware plugin searches for malware and other virus-like threats and security vulnerabilities on your server, and it helps you remove them. Among its features you’ll find:
- Automatic removal of “Known Threats” and “Back-doors”.
- Automatically block SoakSoak and other malware from exploiting the Revolution Slider Vulnerability.
- Patch wp-login to block Brute-Force attacks.
- Download Definition Updates to protect against new threats.
- Automatically upgrade vulnerable versions of timthumb scripts.
- Customize Scan Settings.
- Run a Quick Scan from the admin menu or a Complete Scan from the Settings Page.
Backup Buddy
Backup Buddy’s primary strength is that of creating backups and restoring those backups later. However it also has a malware detection feature which is very accurate and is powered by Sucuri’s own scanning feature. I highly recommend that you have a copy of Backup Buddy running on all your websites as I do.
Some of its other features include email notifications, server tools, database scans and even a migrate function for those developers who like to work locally then transfer their site to a live domain.
In addition to the plugins mentioned above, which can be used on an ongoing basis, or as an antidote to clean hacked sites, I also make use of several other plugins to beef up security on WordPress sites:
Login Lockdown
Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery.
Currently the plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Administrators can release locked out IP ranges manually from the panel.
Centrora Security
Centrora Security is a new plugin that’s modified from OSE Firewall Security. It is a WordPress firewall security plugin that protects your WordPress sites from attacks and hacking. The built-in malware and security scanner helps you identify security risks, malicious code, spam, viruses, SQL injection and security vulnerabilities.
Some of its new features include a database backup function, central security management integration with Centrora Panel, a file upload scanning function and even a Google authenticator (2-step authentication) function. You can find more information on their website.
WP Security Audit Log
Keep an audit log and track everything that is happening on your WordPress and WordPress multi-site installs with the WP Security Audit Log plugin, to ensure user productivity and identify WordPress security issues before they become a security problem.
By using the WP Security Audit Log security plugin it’s very easy to track suspicious user activity before it becomes a problem or a security issue. This security monitoring and auditing plugin is developed by the WordPress security consultants and professionals at WP White Security.
If you enjoyed this post, make sure to subscribe to WP Mayor’s RSS feed.
27 Responses
Thanks for your information.
It helps me.
How do I protect a WordPress site when the UTF-8 changes and is replaced by something else, for example UTF+0 or UTF-5?
And another question: clearing the site from Google's blacklist.
how to block google malware block, whether with this plugin can remove our blog from malware detected google
Best way to prevent: change passwords frequently, harden plugins, upgrade your hosting or an easier solution is to use a Malware find, fix & prevent solution. I use www.siteguard.com and they’ve been rock solid. I run across all my client sites.
great list of plugins well worth using them all
Thanks for the post! I use
I think it’s a great.
Looking forward to reading more of your posts.
You wouldn’t need to mess with difficult and unreliable recovery if you’d make backups often enough.
Look up at Web Support Revolution. My backups are created few times a day and all changes are monitored.
When I had problems with repeatable hacks, it was just few clicks to restore the good version.
But after I’ve also set their firewall – backups are needed only for cases when I break something by myself.
Hi Guys,
I am getting 200 mails daily through the site. How do I stop it? Please suggest a solution.
URL :
Hi guys, I installed Anti-Malware & Brute-Force Security by ELI and it is the best. My site is clear now. Thanks for this post.
Milton
Brazil
As the owner of a high-traffic blog I hate to be busy with these kinds of things, although they are very important. What people seem to forget is that a managed hosting provider can save you a lot of time. Here is what a hosting provider can do to keep you safe:
It is important that folks realize that hacker payloads will usually contain hidden hacker backdoor files that are not going to be detectable by any of these plugins. So what will happen is the obvious hacked stuff will be found and cleaned by these plugins, but the hack will just happen again since the hidden hacker backdoor files were not detected/found. If you look at the current Wordfence support forum you will see several current threads where this is happening. It is better to know the truth about what you are dealing with to take care of it 100% vs trying band-aids that are not really going to fix the hack problem.
@Jean – “For extra security…” is quite an understatement for current versions of BPS Pro, but back in 2013 BPS Pro was not nearly as powerful as it is now. BPS Pro currently has a perfect track record. Yes, that means that no one with BPS Pro installed has had their website hacked.
Great stuff! I get lost and emotional if I get minor issues with my blog! I can’t imagine what I’d do if something major happened! This information is very useful. My hosting company has suspended my account due to some infected files uploaded by a hacker, or I don’t know. My site name is brightverge.com; please share some tips to make my site security strong. I thank you for your time & effort, it’s clearly not one of these 5 minutes posts! Quality! Love it, regards
I downloaded Anti-Malware & Brute-Force Security by ELI on your recommendation, and also based on other reviews that I saw online. I had an extremely invasive php malware infection in ALL of my websites, in wp files, and even throughout theme files. A few other plugins I tried did not work, or messed something up, or were confusing. Eli’s plugin was amazing, and I would highly recommend it. It cleared all of my sites.
Hi Jean,
Thanks for the info! Our website has some content on viagra, which shows only in meta description in Google Search Results, we have tried Sucuri but the malware still exists. Please let me know what to do.
In that case your best is to contact a professional WordPress security expert.
great article was written for the Best Plugins to Fix Hacked WordPress Websites……
It seems like the plugins are why I keep getting hacked. A vulnerable plugin let someone into my site in the first place.
That’s a very common reason why a site gets hacked. Keep your plugins updated, always.
What do you think of the Limit Login Attempts plugin? I’ve heard Wordfence is very good too.
Both are good plugins, but ones I would keep running all the time rather than install to fix a hacked WordPress site, which was the main topic of this post.
Hi Jean,
Very Good Info. I was searching for this info since some time. Now I got awesome information from this post. thanks again
Jean, great info. I have installed the WP File Monitor plugin. What could this mean? I get a WP File Monitor alert that says “changed: benny/.ftpquota”. Should I be concerned?
Thanks Mayor
Jerry
No you shouldn’t be concerned about that Jerry. Keep a special eye on theme file changes and also plugin file changes (excluding updates of course).
Hi Jean, what about Better WP Security? It also gives overall protection. How would you rate it, pls?
It’s a very very popular plugin, and it’s a very good idea to keep that installed at all times. I didn’t include it here since the post was more about hack removal. For extra security BulletProof Security Pro adds many other features that are not found in the free version.
Good info Jean as usual may I add.
Some advice please – do you install them all as they all seem good?
Excellent question Joseph, the ones I always have installed are BackupBuddy (mostly for its backup functionality) and Login Lockdown, I tend to install the others only when I need to clean a hacked site. Since I host with WP Engine, keep everything updated, and use very trusted plugins, I don’t need to overdo it with security plugins.