How to Remove Malware – Infected Site Guide

STEP 7: Update / Remove Themes and Plugins

To ensure that our site has not been compromised by a theme or plugin, we’ll need to do some cleanup.


  1. FTP to /wp-content/themes.
  2. Delete every theme except the theme you had activated. This will ensure those other themes do not have lingering malware files. In certain cases, even inactive themes were found to contain malware. This is why we’re deleting them in this step.
  3. At this point, you may also want to replace your activated theme folder with a clean copy as well.


We definitely want to get a clean version of ALL plugins, especially any that contain java. In some cases, the infected files will usually be in a folder inside a plugin folder called js, jquery or Ajax. So let’s take steps to ensure plugins are updated.

A) IF you have access to your WP dashboard, de-activate ALL your plugins – not just one, ALL of them. I personally recommend deleting every plugin, and then re-installing them to ensure you eliminate any lingering malware files.

B) IF you do not have access to your WP dashboard,

  1. FTP to /wp-content/plugins.
  2. Delete every plugin. will feature articles on WordPress (themes, plugins, and tutorials, Internet Marketing, Blogging, SEO, Web Design, and Social Media

Leave a Reply

Your email address will not be published. Required fields are marked *

Want a 25% discount on plugins?

Receive a 25% discount code for DraftPress plugins when you sign up to the newsletter!

We promise never to spam or share your information.
Powered by Popup Fire