How to Remove Malware Popup Ads from WordPress Websites

So, you have logged into your website only to find a “You’ve got a virus!” pop-up on your page. What do you do?
Firstly, don’t click on it, no matter how legit it looks, as you can end up downloading a virus that can then steal your data, cause ransomware attacks, or hijack your browser.

Some malware pop-up ads will even ask you to download their antivirus program to fix your “problem” in exchange for money, but their real intention is to get your credit card data and clean your bank account.
You don’t want your visitors to associate your website with an unpleasant experience, so you should try, and fix this problem immediately.
Make no mistake, removing malware pop-up ads is not an easy task, but it can be made less difficult if you follow our nine-step guide.

  1. Scan your website
  2. Scan your computer
  3. Backup your website’s files and database
  4. Reinstall WordPress
  5. Inspect your backup files
  6. Reset all your passwords
  7. Reinstall plugins and themes
  8. Upload all images from your backup files
  9. Activate security plugins

Let’s wipe your website clean!

1. Scan your Website

The first step is scanning your website with either external remote scanners (crawlers) or scan plugins.

The three best plugins for scanning a website are:

  • Quttera is a plugin that runs on cloud technology. It offers one-click scan, unknown malware detection as well as external links detection. It can also inform you of your blacklist status and send you a detailed investigation report.
  • WordFence offers a malware scanner that can check your core files, themes, and plugins for any potential threats, including bad URLs, malware, and malicious redirects.
  • GOTMLS is a plugin that can check the integrity of your website’s core files and download new definition updates automatically when running a complete scan.

The following two are the most popular remote scanners:

  • VirusTotal is an online service provider that examines suspicious files and URLs for malware and malicious content by using antivirus software and website scanners.
  • Site check is a free, remote scanner that acts like a crawler and checks your website for malware threats, outdated CMS, blacklisting, and any other signs of security breaches.

Each of these solutions searches for and reports on different things, so it might be best to use them both to ensure you don’t miss anything.

2. Scan your computer

Many hackers will run trojan viruses locally in an attempt to extract your login access information for your website. This is why you should also scan your local environment (desktop computer, laptop, etc.).

3. Backup your Website file & database

The next thing you should do is perform a complete WordPress backup. This means saving your website’s files (videos, images, graphics, etc) and database (posts, pages. comments, usernames, etc.).

You can do your backup manually or through your hosting provider (provided your host offers this in-built solution), but performing a website backup with one of the WordPress backup plugins might just be the easiest way to tackle this task. 

There are over 20 plugin options you can choose from, but the following three are considered to be among the best ones:

  1. UpdraftPlus is an easy-to-use plugin that supports many cloud options, including Google Drive and Dropbox. With this plugin, you can schedule your backups however often you want.
  2. BackupBuddy is another user-friendly plugin that also allows you to schedule your backups. With BackupBuddy, you can customize your backup content and migrate to a new domain if needed.
  3. BlogVault is more of a SaaS solution than a backup plugin. It uses its own servers for storing your offsite backups so you will avoid overloading your server.

When you finish the backup, download it to your computer for further examination. But before you do that, you need to reinstall the WordPress software, and we’ll explain why in our next section.

4. Reinstall WordPress

You can reinstall WordPress with a one-click installer on your web hosting control panel. Upon finishing the installation, edit the wp-config.php file so that you can use the database certifications from your previous website. This will link the new, free-from-hacked-code WP to your old database.

Reinstalling WordPress is important, as this will help you compare your backup files against new and clean files.

5. Inspect your backup files

This might be the most important and challenging step. You’ll need to go through all your files and folders to try and identify any malicious code.

Use your newly-installed WP as a reference point and see if the backup files have any altered lines of code compared to the clean core files. 

The next step is examining your theme and plugin folders. Since malware doesn’t typically follow WordPress standard naming protocols, look for any inconsistencies in the names of your theme and plugin folders.

Lastly, you’ll need to examine your .htaccess file. When infected, this file gives the hackers an open door to redirect your visitors to any other site they want.  Remove any suspicious or added lines in your .htaccess file.

6. Reset all your passwords

Log in to your website and change all user names and passwords. If you detect unauthorized users, you can be certain that your database is compromised and might still contain unwanted, malicious code.  

This can mean a massive security breach, so it might be best if you contact professionals for help. Try to find a local cybersecurity agency to assist you in resolving this problem. Why local? 

Let’s say you are located on the east coast. It’s best you hire a cybersecurity company in New York to avoid all the trouble a time zone difference can cause and get your issue fixed as quickly as possible.

7. Reinstall plugins & themes

Do not use your old themes and plugins; instead, install them from the WP repository. This is important as the majority of malware on WP websites comes precisely from themes and plugins, and some are even made with malicious intent, to begin with.

8. Upload all images from your backup files

Uploading all the images from the backup files is yet another time-consuming task. You’ll need to inspect each year/month folder to ensure they contain image files only.
Do not upload your images if you detect any PHP or JavaScript files, or if you spot anything else you know shouldn’t be in your Media Library.
When you complete all checks, you can upload your images from the backup files to the server via file transfer protocol (FTP).

9. Activate security plugins

You probably don’t want to encounter any malware pop-up ads on your website ever again. So, you’ll need a security plugin to keep your site safe and operable. Here are the three most trusted security plugins available today:

  1. Sucuri is one of the best and most used WP security plugins currently on the market. It offers WordPress firewall protection that can block most malicious attacks. It even filters suspicious traffic before it reaches your server.

In case your website gets infected while using this plugin, the Securi team will clean up your WP website at no additional cost.

  1. Wordfence is another WordPress security plugin you can trust. It can be set to scan your website automatically, but you can also launch a full scan whenever you feel the need. Wordfence will alert you of any security breaches and send you detailed instructions for fixing the problem.
  2. All-In-One WP Security (AIOS) is a user-friendly security plugin specifically designed for WordPress websites. It offers login security tools, an automatic web application firewall, and content protection features.

How to know if your website is hacked?

A malware pop-up is an obvious sign that your website security has been breached. But there are other threats that can go under your radar. Here are the 10 indications of an infected website:

  1. A warning message from Google or any other browser, saying that your website might be hacked.
  2. Your hosting provider disabled your website after a security scan.
  3. Blocked outbound ports 80, 443, 587, and 445.
  4. Frequent complaints from customers about their credit cards being hijacked.
  5. Your emails end up in your customers’ SPAM folders.
  6. Odd-looking JavaScript in your website code.
  7. Your website runs slowly and shows error messages
  8. Unexpected error messages in your error logs.
  9. Recently modified files.
  10. You see a traffic increase on pages that don’t exist.

Key takeaways

If you encounter a malware pop-up ad on your WP website, start performing a backup immediately and download your backup files and folders to your computer for further examination.

Remove any suspicious files or code lines and reset all your passwords before you upload your backup files onto the server. 

To ensure you don’t come across this problem again, activate the security WP plugin of your choice.

We hope our article helped you save your valuable website database and provide you with useful tips for cleaning your website of any malicious threats.

Author Bio

Travis Dillard is a business consultant and an organizational psychologist based in Arlington, Texas. Passionate about marketing, social networks, and business in general. In his spare time, he writes a lot about new business strategies and digital marketing for DigitalStrategyOne.



Leave a Reply