If you can’t log in your WordPress dashboard because of a malware attack, It is not so easy to remove malware from the WordPres website. So we recommend you to hire someone who is expert in this field. We also provide WordPress malware remove service please contact us If you are in need of this service. But if you are a techie guy and do this by yourself this article is for you. I am describing here how to remove malware from WordPress without login to the dashboard.
If you are able to log in to the WordPress dashboard please follow the article How to remove malware from WordPress website. Because we have described there, a very easy technique using plugins.
Sometimes attackers add some codes and block log in access. Please follow the steps if you don’t have access to the WordPress dashboard.
01. Backup your database and files
- Backup the full server if there is an option to backup from cpanel. This option is not available on all hosting servers.
- Use a backup plugin if you have access to the WordPress dashboard.
- If you have login access you can also take a backup of your content from dashboard -> tools -> export.
- Take a backup of your SQL database by following these steps.
After taking a backup of your database. The next important step is to make a backup file of your uploads. Go to your cpanel -> file manage -> public_html and make a zip file of your wp-content folder then download the zip file. Themes, plugins and upload files are included here.
.htaccess file: There is a massive control on websites using .htaccess file. Many people put 301 SEO redirection code on their .htaccess file. So by hacking this file attackers can control your website. Take a backup of your .htaccess file and regenerate a new one.
Note: Normally you can’t see the file in your hosting file manager. Because this is an invisible file. You can only see this when you enable the show hidden files option.
02. Test the backup files
- The wp-config.php file: This file is important because it contains the name, username, and password to your WordPress database which is very important and you need to use in the restore process.
- WordPress Core files: Download a WordPress from WordPress.org and check out the files in the download and make a cross match to your own.
- SQL database: All the data of your website is in this sql database file. So you should take care of this.
- wp-content folder: This is the main folder which you need to restore. The folder contains three folders named themes, plugins and uploads. If you see these three folders then you can be sure that you took the backup properly.
- .htaccess file: You may need this file so take a backup of this file in your pc. You should check the code of this file by opening this file using any code editor like vs code or sublime text.
These are all files of your website backup. Now you should test the files.
03. Install a fresh WordPress
Install a fresh WordPress in your local host or another hosting. Now upload your old website step by step.
- Firstly, import your SQL database which you exported from phpMyAdmin. You should also import this from here.
- Secondly, install a fresh theme.
- Thirdly, Upload the files from your wp-contents -> uploads folder.
- Fourthly, check the plugin list and install those plugins from the WordPress directory. Note that, Never install the plugins from backup files or plugins from third party sources.
- Finally setting up your permalink and others settings like your previous website.
Now check the website and content is safe and restored properly. Now you can go for the next step. If you don’t have your data please hire someone who is an expert to remove malware without log in WordPress or able to solve any problems.
04. Clean your cpanel to remove malware without log in
When you confirm that your website and data is safe go to your cpanel -> file manager and delete all the files in the public_html folder. If you have multisite on your one hosting please go to the subfolder. And make sure that your other websites are safe from malware. If they are also affected you need to make backup and restore for them also.
Now re-install WordPress in your website and restore the files like previous procedures or migrate the local website.
05. Scan your website
You have got your website and data, Now it’s time to check the vulnerability of the website. Go to your WordPress dashboard and install a security plugin(We recommended Wordfence Security plugin) and scan your website. Please follow the post that describes how to scan malware on WordPress websites.
Now you can see there is no malware in your website.