How to Find and Remove Malware From Websites

Malware, or malicious software, continues to be one of the biggest threats facing websites today. According to Google’s Safe Browsing Transparency Report, thousands of new unsafe sites are discovered every day, many of them infected with different types of malware.

The extent of the damage a malware attack can have on your website depends on a number of variables, and one of the biggest factors is how quickly you respond. The longer it takes to detect and remove malware, the more expensive the recovery process becomes. Unfortunately, many types of malware are deliberately designed to stay hidden for as long as possible. Eventually, however, the symptoms of a malware-infected website become hard to ignore.

This guide explains how to spot the symptoms of a hacked site, provides a detailed step-by-step process to remove malware, and outlines how you can protect your website against future attacks with tools like SiteLock malware detection.

What are the signs of malware on a website?

Certain malware attacks on a site will be detectable almost immediately based on noticeable signs. Even the most untrained eye can spot website defacements, where hackers mask existing site content with a message or image of their choosing. While defacements generally make up only a relatively small portion of malware attacks, others are subtle, quietly affecting performance and exposing your site visitors to risks.

Look for:

• Sudden changes to your website’s appearance (e.g., defacement)
• Notifications from your hosting provider that malware has been detected (which can also lead to account suspension)
• Spammy or suspicious content in search results
• Unwanted pop-up ads, redirects, or automatic downloads
• Unrecognized admin users or unauthorized changes to login credentials
• Missing or modified website files
• Pages that frequently freeze or crash
• Sharp drops in site traffic or engagement
• Google or other search engines blacklisting your website and displaying safety warnings
• Slower than usual loading times or unexplained spikes in server resource usage
• Disabled or altered security tools or plugins without your knowledge

Regardless of how it manifests, a malware infection poses serious risks. For small business owners, especially, these symptoms can have long-lasting consequences, including damaging SEO rankings, eroding customer trust, and even reducing revenue.

How to remove malware from a hacked website

If you’re not comfortable modifying files or databases, outsourcing malware removal to a security provider is often the fastest and safest option. SiteLock offers daily scanning and automated malware removal services, as well as SiteLock 911, which provides emergency cleanups by quickly removing malware and restoring site functionality.

On the other hand, developers or other individuals with tech expertise might choose to manually remove malware themselves, depending on the time and resources available. If you want to attempt a manual cleanup, carefully follow these steps:

1. Back up your website

Before you do anything else, create a full backup of your site. This precaution ensures that if something goes wrong, you can restore your site to its previous state. If the attack happened recently, you might even be able to revert to a pre-infection backup, which may quickly remove most of the malicious code.

Remember, restoring a backup doesn’t fix the vulnerability that allowed the malware in, so additional steps are still necessary.

2. Identify the source of the infection

Begin the identification process by accessing your files via FTP, SSH, or your hosting provider’s File Manager. While most file managers are built for basic edits, they can still help you review recent changes. Many shared hosts also generate daily malware scan logs (often saved as a “malware.txt” file in your root directory), which can provide quick insight into suspicious activity.

For deeper investigation, download your site to a local machine and run a search for unusual code. If you have command line access, you can take this further by searching for recently modified files or specific malicious code fragments.

The goal at this stage is to pinpoint exactly where malicious code is hiding so you can remove it without damaging legitimate site functionality.

3. Investigate suspicious files

Once you’ve identified the infected files, inspect them closely for suspicious syntax and malicious code injections. Malware often lurks within legitimate files, so deleting these files outright could cause future functionality issues.

If you are working with a WordPress site or another common CMS, compare your infected files to a clean copy of the same version. Often, simply replacing the compromised file with a fresh, clean file from the original CMS package will remove the malware while preserving necessary site functionality.

4. Remove malware from your site

After locating and confirming the infected files, remove the malicious code. Manually delete the code or replace corrupted files with clean versions.

However, to save time and ensure thoroughness, consider using an automated malware removal tool, like SiteLock, with the ability to quickly fix a hacked site.

5. Close security gaps and harden your site

Once the malware is removed, take steps towards hardening your website to prevent future infections. This includes:

• Keeping your CMS, themes, and plugins updated
• Uninstalling any unnecessary plugins to minimize potential backdoors for hackers
• Using strong authentication measures
• Implementing a web application firewall (WAF) to block malicious traffic before it reaches your site
• Regularly backing up your site so you can quickly recover if an issue arises
• Putting a website security plan in place that includes regular malware scans

A proactive approach will help you detect cyberthreats early or stop them altogether.

Website security is ongoing

Hackers are constantly searching for weaknesses, and no website is ever fully safe without active defenses. Protecting your site requires consistent attention, but even simple measures can make a meaningful difference. Installing updates and security patches as soon as they are released helps close vulnerabilities before they can be exploited. Automated malware scanners and patching systems make this process easier for site owners. It is also important to keep your site streamlined by using only the plugins and features you truly need while removing those you no longer use.

Why is this especially important for eCommerce

For eCommerce businesses, the stakes are even higher. A malware infection can slow down site performance, expose sensitive customer data, and interfere with checkout processes. Beyond the technical issues, the larger risk is often the loss of customer trust. Once a site is flagged by search engines, years of work can quickly unravel, leading to reduced traffic and lost revenue.

Neglecting website security does not just endanger the business itself. It also puts customers at risk, as they trust your storefront with personal information such as payment details and login credentials. Safeguarding that trust requires a proactive and ongoing commitment to cybersecurity.

Dealing with a hacked website?

Every website owner should understand the basics of how to remove malware, but it’s equally important to recognize that overall website security and identifying security issues is an ongoing effort. Manually cleaning malicious code can be time-consuming and complex, which is why many businesses rely on solutions such as automated website scanning solutions and web application firewalls (WAF). A proactive approach allows you to defend your site against increasingly sophisticated attacks before they cause lasting damage.

If you are unsure about how to remove malware or simply want expert support, SiteLock can help. Our security solutions scan your website, provide detailed reports on its health, and automatically remove threats when they appear. With options like SiteLock 911 for urgent cleanups, you can quickly restore your site and keep it protected moving forward. Explore our pricing options to find the right protection for your business.

Want to learn more about malware? Check out these additional resources from SiteLock:

• What is Malware?
• Common Types
• The Evolution of Malware
• Ways Malware Can Get Onto Your Site
• The Dangers of Malware
• The Effects of Malware on Small Businesses
• How to Check Your Website for Malware & Common Signs
  • How to Check for Malware in Databases
• Ways to Protect Your Site
• Malware Analysis Series:
  • Signature-based Analysis
  • How a Signature is Born
  • Detection vs Removal