STEP 2: Backup Your Current Site
Assuming you can confidently claim your site has been infected with malware, only then should you continue forward with this guide. The next step is to backup your current site. Some of you may be wondering WTF! Why would you backup an infected site? For some non-technical, wordpress-savvy users, I’m just trying to ensure there’s a way back to the current state should this guide not result in a positive outcome. They can easily get back their original state. Besides, it’s possible one could royally mess things up so backing up prior to starting is highly recommended especially for newbies.
If you need a backup plugin, you can use plugins such as:
BackupBuddy – This plugin lets you backup everything including plugins, uploads, themes, etc. It’s my go-to backup plugin and quite easy to use.
WP-DB Manager – free plugin and quite reliable for perfoming a backup of the WordPress database. This may be sufficient for most people. Note it does not backup your themes, plugins, or uploads. Just the WP database.
For sake of reference, let’s call this initial backup: YYYYMMDD_sitename_BEFORE.zip (where YYYYMMDD is the year-month-day). Good naming conventions are important! Again, this backup step is simply a precautionary measure just in case you wish to revert back to the original state.