Title: Malware Removal
Last modified: September 15, 2020

---

# Malware Removal

 *  Resolved [junaidshakeel](https://wordpress.org/support/users/junaidshakeel/)
 * (@junaidshakeel)
 * [5 years, 7 months ago](https://wordpress.org/support/topic/malware-removal-6/)
 * I want to know that is there WordFence security plugin is capable to remove malware
   from my active site. Because my website is under-attack and shows there is malware
   on my website by checking WordFence security plugin. If yes then I’ll buy a premium
   account for WordFence. If this plugin failed to clear my website from malware
   then is there any refund policy?
 * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fmalware-removal-6%2F%3Foutput_format%3Dmd&locale=en_US)
   to see the link]_

Viewing 1 replies (of 1 total)

 *  Plugin Support [WFAdam](https://wordpress.org/support/users/wfadam/)
 * (@wfadam)
 * [5 years, 7 months ago](https://wordpress.org/support/topic/malware-removal-6/#post-13408313)
 * Hello [@junaidshakeel](https://wordpress.org/support/users/junaidshakeel/) and
   thanks for reaching out to us!
 * Wordfence is capable of repairing and removing malicious files on a website. 
   Though in your situation, where you are currently under attack and have malicious
   files popping up, I would recommend cleaning your site as well.
 * Some causes of a hack are impossible for any WordPress security plugin to protect
   against:
    1) If you are using a weak password for your hosting account control
   panel or FTP account then a hacker may gain entry this way, with full access 
   to your site’s file system and database. 2) You are storing unmaintained, unarchived
   backups of your site that are publicly accessible that contain exploitable vulnerabilities.
   3) You are hosting more than one PHP application, such as more than one installation
   of WordPress, in the same hosting account and infection can spread from another
   application to this site. 4) You have unmaintained or vulnerable 3rd party scripts
   installed in your hosting account. Examples would be the Adminer or SearchReplaceDB
   database management tools. 5) A nulled theme or plugin with malware already pre-
   installed. If you paid for a theme or a plugin outside of the vendor’s website
   at a massively reduced price, that seemed too good to be true, then it is likely
   to be nulled. 6) If you are using a shared hosting account a neighboring account
   can be infected and spread the infection to this site. 7) Your WordPress wp-config.
   php configuration file could be readable to the hacker, either directly via your
   hosting account, via a vulnerable plugin, or via another hacked site on the same
   server. 8) The hosting accounts on the server may not be properly isolated so
   the hacker has access to your database via another user’s database. 9) The server
   software has vulnerabilities that allow the hacker to get root access – such 
   as running an end-of-life version of PHP on the hosting server that has unpatched
   vulnerabilities. 10) If the hack took place at a time when you only had the free
   version of Wordfence installed then you wouldn’t have had access to the latest
   firewall rules that premium customers have access to. 11) You may be using a 
   plugin or theme with a vulnerability that is so severe that Wordfence can not
   protect against it and we may be unable to create a custom firewall rule for 
   the vulnerability. However, being unable to create a custom firewall rule is 
   very rare.
 * Wordfence protects against a vast variety of attacks. Whether you were hacked
   because of an unknown attack method or because there is some other issue in your
   system impossible to say at this stage without an extensive investigation. There
   are some aspects of your site security that are completely beyond our control
   such as vulnerabilities on your hosting server as described above. Although rare,
   for examples of hosting provider vulnerabilities please see these two articles
   below:
    [https://www.wordfence.com/blog/2019/06/service-vulnerability-four-popular-hosting-companies-fix-nfs-permissions-and-information-disclosure-problems/](https://www.wordfence.com/blog/2019/06/service-vulnerability-four-popular-hosting-companies-fix-nfs-permissions-and-information-disclosure-problems/)
   [https://www.wordfence.com/blog/2018/02/service-vulnerability-nfs-permissions-problem/](https://www.wordfence.com/blog/2018/02/service-vulnerability-nfs-permissions-problem/)
 * You have two choices:
    1) You can clean the site yourself by following the steps
   in this guide: [https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/](https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/)
   [https://www.wordfence.com/help/scan/scan-results/](https://www.wordfence.com/help/scan/scan-results/)
 * Useful links after you have completed your cleaning:
    [https://www.wordfence.com/blog/2017/04/20-minutes-to-secure-wordpress/](https://www.wordfence.com/blog/2017/04/20-minutes-to-secure-wordpress/)
   [https://www.wordfence.com/blog/2018/10/php5-dangerous/](https://www.wordfence.com/blog/2018/10/php5-dangerous/)(
   important note – this is an old blog post from October 2018 but still very relevant)
   [https://www.wordfence.com/blog/2018/10/three-wordpress-security-mistakes-you-didnt-realize-you-made/](https://www.wordfence.com/blog/2018/10/three-wordpress-security-mistakes-you-didnt-realize-you-made/)
   [https://www.wordfence.com/blog/2017/06/wordpress-backups/](https://www.wordfence.com/blog/2017/06/wordpress-backups/)
 * We also have an extensive Learning Centre here:
    [https://www.wordfence.com/learn/](https://www.wordfence.com/learn/)
 * 2) You can hire a professional service to clean the site for you. Wordfence offers
   such a service, as do others.
 * I hope this helps!
 * Thanks!

Viewing 1 replies (of 1 total)

The topic ‘Malware Removal’ is closed to new replies.

 * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865)
 * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordfence/)
 * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/)

## Tags

 * [malware removal](https://wordpress.org/support/topic-tag/malware-removal/)
 * [premium account](https://wordpress.org/support/topic-tag/premium-account/)

 * 1 reply
 * 2 participants
 * Last reply from: [WFAdam](https://wordpress.org/support/users/wfadam/)
 * Last activity: [5 years, 7 months ago](https://wordpress.org/support/topic/malware-removal-6/#post-13408313)
 * Status: resolved