How to Remove Malware from Hacked WordPress Website

thank you so much for watching the press Avenue YouTube channel my name is John and I like to talk about WordPress with wordpress tutorials so in this YouTube channel we talk about everything from security to adding plugins to developer tools to even just building websites with either page builders Gutenberg or different custom ways you can do things we have a Facebook group facebook.com slash group slash press Avenue where people ask me hey I want to see this tutorial and I go ahead and make it so we did a poll it's been running for a while maybe a year now and we've had tons of comments on people wanting to talk about securing WordPress so our most recent one was on just the dads and this one is on that as well this one is run removing junk from WordPress that you don't want so this is either malware spam and it's just a few tips for doing so so we had someone contact us saying hey I have this WordPress support plug-in on my website is this you is this something you know what what is this so I'm further looking into it though I immediately saw this sounds like this is spam and the reason is it was unsolicited and it got on here by a means that the client really wasn't expecting and actually in this scenario the developer or the person that put together the site wasn't expecting either so if you see here I got this kind of myspace WordPress support up here you know it's not official because the P is not the full size P capital P I should say and it's just this rainbow mess the whole time when you click it it brings you to this widget here and what's annoying about this is if I click here I'm getting a live chat support with these agents of 24/7 WP support comm when I go to their site let's see here it all it all looks legitimate it's just the way they get into your site it's malware and spam is how they enter in and what happens is I click this and I say hey this doesn't work on my site they say fine 50 20 bucks we'll fix it for you and according to the reviews hotline they do but it's still a dirty practice of getting business by sneaking into sites and tricking people so I want to get rid of this so what I did is I went over to plugins and it's like well I'll just turn it off I started looking through here and this is all pretty standard stuff there's only maybe two this featured images one and this get featured image probably redundant that I haven't seen before but there's 30,000 plugins so I haven't seen a bunch of them but it's not in here so there's nothing that says support so then what I did is I logged into the host and then this one is happens to be GoDaddy and you could do the same on any host you could log in and go to the file manager so cPanel has this SiteGround has this a lot of companies have this if they don't have it they offer FTP access but this one does have its we're going to go to it so I'm go daddy if I go to my hosting and then tools I can see all the files then we want to go to WP dash content and then I went to plugins and if you look again all the same stuff but at the very bottom I'll see it on this one hold on I make a refresh refresh should be at the bottom I may have to go back yeah it is there WP - support is between WordPress SEO which is Yoast SEO and WP 101 video tutorials both excellent plugins if I come back here and scroll the bottom it should be between these two but it's not if I look through here and the must use um it shows basically a GoDaddy plugin which has no name and then the same thing here but if I come back it should be there but it's not so how you get rid of this kind of lady in your dashboard here is to ultimately just delete that plug-in the only way to delete it is via a file browser like this one on your hosting company and if you don't have one an FTP briefly on the FTP you need FTP software FileZilla is a free one for every platform Windows Mac Linux whatever you want and then you again go to WP content or you'll be in route that WP content then plugins and then you find this WP support so I'm just going to go ahead and delete it so it says are you sure you want to delete this and I say yes so now it's gonna delete this folder which ultimately deactivates and deletes the plug-in from this site so here's that lady again and if I hit refresh she should be gone and out of my life and now that rainbow thing has gone as well additionally the plugins if you go to it it'll show the plug-in WP support index has been deactivated due to an error the error is it doesn't exist and it's because I deleted it so now we're gonna head to users and just like plugins there was no plug-in there and users there's actually a fifth administrator and actually only caught it by accident so I was updating this site with manage WP and it shows all the users in the database which this should show as well so I took a picture of it so you don't have to see everything here's a screenshot of it and if you look there's that lady at the top there's the next one right there there's that migration there's me and there's this one called custom and what do you know it's email addresses info at 24 by 7 WP support comm which really don't email them their trash um if you do need recommendations let me know below there's tons of people depending on where you live that can help you with this kind of support including me anyway so this right here this is not here so where is it great question so I looked around a little bit more and the only way to find this is to go to your database so again you login to your control panel you login to your hosting environment somehow cPanel some have some custom ones that are created but you login you click PHP myadmin which is what I've done and I've skipped the logging in stuff so you don't see the username and password for this site anyway so here is what it looks like it'll of course look different than yours typically something says WP underscore doesn't have all this garbage and then underscore CF forms so so that's contact form 7 this is ithemes security so it's just different things within here so on the right hand left hand side excuse me the schema down here we don't need we're looking at this database right here your database details if you don't have the username and password are in your WP dash config dot PHP file or in your hosting back-end so now a lot of you are saying you're gonna go blind looking at this but it is necessary to get rid of this so we're gonna click users and then typically it's on browse for whatever reason GoDaddy puts me in structure so I'm gonna click browse and then we're gonna look and it shows five users so this lady named Jane migration myself custom Jane again but in here there's only four users and so again this is the one we need to axe um so and it shows on 12:18 2017 and this is 2019 this person got administrative access so they can install a plug-in they could set anything up they could get into the weeds and get it done really kind of scary stuff that they're in here this particular site doesn't have e-commerce or take credit cards but I've removed it plenty of times and I've seen it where wait a minute info at 24/7 W support has access to people's personal data people's payment plans stuff like that anyway so to get rid of this you have this X you can either highlight here and hit the X or you can do it here so I can straight axe it I would say before you start deleting stuff in here on to of a backup with backup buddy or up draft up draft does a complete backup for you without having to pay they have a premium version this isn't really a commercial for them I don't work for them but it is a quick way for you to have backups before you start ruining your database so I deleted custom and then I want to check the user Mayda so it should be WP dash user made uh but again GoDaddy adds much stuff I need to go to browse and it was number five so I'm gonna go to next I'm looking for user ID of five it should be deleted or maybe not five let's see if it's still in here so it should be gone let me check in here anything changed nope and that should be gone from there I haven't found this plugin infiltrating anything else but it is a big deal that it's buried in here and that it hides itself from the plugins um so do keep that in mind and the last thing I'll say is this is where the plugin came from so custom dashboard widget and dashboard contact form so that's what it's last updated two years ago there's a warning here that this hasn't been updated forever but they still make it available which is insanity 800 plus active installations I've seen this one entered other ways but this puts a custom form on your dashboard and this is the plugin that is basically hiding that support group and there's tons of other ones besides this so sadly it's on here and people say oh yeah I want this widget they install it and it disappears so and then it adds that lady and then now you got to pay to play and get help and get them off anyway that's it if this was helpful in any way I'd love to hear it in the comments below we have a great community again a thumbs up and hit that red subscribe button on YouTube along with a little bell lastly that Facebook group facebook.com slash group slash press Avenue where we talk about these tutorials answer more questions this guy is an urgent question we answered him probably within 15 minutes and then live stuff and then just stuff happening in WordPress if you're a WordPress website owner I really recommend getting into groups like this to get help and get the support you need from others doing the same thing again thank you so much for watching thanks again for watching this video my name is John and you can join me on our Facebook group by clicking ask a question below you can visit our web site and see all the tutorials and on the right hand side we have our most popular video along with our most recent upload thank you again so much for watching the press new YouTube channel