Blogs

and Knowing how to remove malware from a WordPress site is a skill every webmaster should have. Malware stands for malicious software, which is a general term for harmful programs and files that can compromise a system. It can damage computers, servers, networks, and websites. In this article, you’ll learn how to remove malware from a WordPress site. What Can a Malware Do to Your Site? Although WordPress is well maintained and secure, it does have several vulnerabilities that can expose your site and its visitors to malware threats. Hence paying attention to your site’s security is absolutely essential. Here are some of the risks posed by malware: Unwanted changes to your content or site, whether something is added or removed without your permission. Compromised sensitive data, like users’ private information. Spam, whether in the form of emails or suspicious links being spread from your site. Your URL getting redirected to untrustworthy websites promoting scam, inappropriate content, or malicious ads. A sudden spike in server resource consumption. Google marking your site as unsafe on the browser and search results. Negative impact on SEO (related to the point above). As you can see, keeping your security up to date and knowing how to remove malware from a WordPress site is an absolute must! How to Remove Malware from a WordPress Site Manually? The manual method may take a while and requires more technical knowledge, but it can give you insights on where the breach happened. If you would rather use a simpler alternative to remove malware from a WordPress site, try a security plugin instead. 1. Backup Your Site Always backup your site before tweaking its core files. There are two ways to do this, depending on whether or not you’re locked out of your site. If you’re unable to login, you can save a copy of your site’s public_html folder via your hosting file manager or FTP. Here’s how: File manager – right-click on the public_html directory and select compress. Once done, save it to your computer by right-clicking on the archive and downloading it. FTP – go to Site Manager -> Connect and then download the folder using the same method as used above. The only difference is that you’ll need to use an FTP client like FileZilla. Meanwhile, if you still have access to your site, you can use plugins such as UpdraftPlus, Backup Buddy, or VaultPress to save time. Last but not least, keep a backup of your database stored locally as well. 2. Run a Scan on Your Computer We suggest downloading your backup using an FTP client or with the file manager then locally running a scan on the backup. Use an anti-virus system and a malware scanner such as Kaspersky or MalwareBytes to diagnose and fix possible issues in your site’s files. If the scan is successful and helps locate and remove any issues, change your FTP password and re-upload site files. 3. Remove the Malware Infection There are a few actions you can take to remove malware from your WordPress site. First, you will need to access the site’s files through FTP or a file manager. Erase every file and folder in your site’s directory except for wp-config.php and wp-content. Afterward, open wp-config.php and compare its content with the same file from a fresh installation or wp-config-sample.php that can be found on the WordPress GitHub repository. Look for strange or suspiciously long strings of code and remove them. It’s also a good idea to change the password of your databases once you’re done inspecting the file. Next, navigate to the wp-content directory and perform actions on these folders: plugins – list all your installed plugins, and erase the subfolder. Later you can re-download and re-install them. themes –  delete everything except your current theme and check for suspicious code, or just remove it altogether if you’ve saved a clean backup or don’t mind reinstallation. uploads – check for anything you haven’t uploaded. index.php – after you’ve deleted the plugins, erase this file. 4. Download a Fresh WordPress Copy to Install Re-download WordPress and re-upload the content to your website via FTP or the file manager. Go to your file manager, click Upload Files and locate the WordPress zip file. After it’s finished uploading, right-click or press the Extract button and enter a directory name to define the save location. Copy everything else besides the zip file to public_html. Alternatively, you can use hPanel’s one-click installer and edit the database credentials in the wp-config.php file to point it to your new installation. 5. Reset WordPress Password If multiple users are running a website, the breach might have occurred through one of their accounts. It’s recommended to reset every user’s password, log out every account, and to check for any inactive or suspicious user accounts that should be deleted. Change the passwords into long, randomized strings that can’t be breached by brute force attacks. It’s a great idea to use a password generator. 6. Re-Install Plugins and Themes Now that you have removed malware from your WordPress site, re-install all the removed plugins and themes you had. However, be sure to leave out plugins that are outdated and no longer maintained. While you’re at it, we advise you to install security plugins that can protect your WordPress site and easily remove malware in the future. Use one with a proven track record such as MalCare, WordFence, or Sucuri. How to Remove Malware from WordPress Using a Plugin? If you prefer a quicker way to remove malware from your site and can afford a premium service, you can purchase a WordPress security plugin. For this article, we’re going to demonstrate how to remove malware from a WordPress site using Sucuri. But first, let’s take a look at what it offers: Server-side scanning (premium) and remote scanning (free). The latter only detects on-site malicious code and while the former also checks for it on the back-end. Detects compromised WordPress files in your system and replaces infected ones with their original copies. Runs a check on antivirus software and search engine databases to see whether your site is blacklisted. Reinforces your site’s security to prevent malware attacks. Notifies you whenever signs of malware activity are spotted. Sets up a firewall on your website (premium). You can get Sucuri from the WordPress plugin repository. Once it

Avada is a multi-purpose WordPress theme, and it is the number one selling theme for over six years. Because of Avada’s features and consistency in the market, it has become one of the most trusted and complete WordPress themes. Avada is powerful and flexible. In Avada, one can import a professionally designed demo in one click, and these demos are free. Avada is a slow, bloated theme, and it is one of the fully featured and capable WordPress themes. By using Avada, you can create any WordPress websites, and it can be installed either via WordPress or FTP. Avada is used to create any websites, a law business site or a corporate business website, a wedding website, an IT website, a hosting company site, or a blog site or an online eCommerce enterprise. And, this theme also comes with a professionally designed demo for different industries like healthcare, cafe, Agency, Photography, Travel, and more. In Avada, over 50 pre-designed demos are available, and these demos include Avada Classic, Avada Law, Avada Sports, Avada University, Avada Creative, Avada Galerie, Avada Crypto, and more. If you want to use the Avada theme on your website, then it should meet the following requirements: Ensure that your web host is capable of running WordPress and make sure you are using WordPress 4.6 and higher. PHP version should be 5.6 or higher. Make sure you have MySQL 5.6 or higher. Install Avada Theme The first thing to do before Avada install is to download all the necessary theme files from your ThemeForest account. If you are downloading the theme from ThemeForest for the first time, then it is recommended to download the Full Theme Package. The Full Theme Package includes additional files such as Revolution and Layer slider documentation, and the classic demo only has the ‘. PSD’ files. If the Full Theme Package is already downloaded, then you can go for the WordPress installable file. DOWNLOAD AVADA THEME FILES Log in to your ‘ThemeForest’ account and navigate to the ‘Downloads’ tab. Locate your Avada theme purchase. Choose the ‘Download’ button only to download the ‘Installable WordPress file’ or if you want to download the Full Avada Theme Package, then you can choose download ‘All Files & Documentation’. INSTALL AVADA VIA WORDPRESS Login to WordPress dashboard and navigate to the ‘Appearance’ tab. Select the ‘Themes’ option. Click the ‘Choose File’ option and upload the downloaded file. If you have downloaded only the installable file, then you can upload that as such. But if you have downloaded the Full Theme Package, then you need to unzip the master file and then upload the secondary zip that is inside the primary zip. Once the file upload completes, you need to activate Avada. To Activate, you can go to the ‘Themes’ option in the WordPress dashboard and click the ‘Activate’ button. After activation, you get redirected to Avada’s welcome screen, and this screen prompts you to install the required Avada’s plugins such as Fusion Core plugin and the Fusion Builder plugin, and more. INSTALL AVADA VIA FTP Log into your server via FTP, or you can connect using FileZilla. If you have downloaded the Full Theme Package, then you need to unzip the master file. There is a secondary zip available inside that file, and you need to unzip that secondary Avada.zip file also. If you have just downloaded the installable file, then you need to unzip that file. Go to the ‘wp-content’ folder and upload the extracted Avada folder to the ‘themes’ folder on the server. Make sure that the name of the folder is Avada. After upload, you need to activate the theme from WordPress. To activate the same, you need to login to the WordPress dashboard and select the ‘themes’ option under the ‘Appearance’ tab and click the ‘Activate’ button. You get redirected to the Welcome screen after the activation. The system prompts you to install the required Avada’s plugins such as Fusion Core plugin, and the Fusion Builder plugin, and more. Avada Plugin Installation The Fusion Core and the Fusion Builder plugins are essential to operate Avada. It also comes with five different premium plugins such as Fusion White Label Branding, Convert Plus, Advanced Custom Fields PRO, LayerSlider WP, and Slider Revolution. Some plugins are essential to run a particular demo in Avada, so it is recommended to add those plugins before the demo import. All Avada plugins are available under the ‘Plugins’ option in Avada. Some of the recommended plugins to run a demo are PWA, WooCommerce, The Event Calendar, Yoast SEO, HubSpot, Contact Form 7, bbPress, and more. INSTALL PLUGINS If you want to download any premium plugin, then you need to register your purchase under the ‘Token Registration’. But the registration is not required when you purchase the required and recommended Avada plugins. Log into WordPress admin and navigate to the ‘Avada’. Select the ‘Plugins’ tab, and this tab list all the required and recommended plugins. Select the required plugin image and click the ‘Install’ button over the plugin image. After the installation, click the ‘Activate’ button and then return to the Plugins page by clicking the ‘Return to Required Plugins Installer’ link. If you want to update the installed plugin, then you can click the ‘Update’ button to apply the changes. Always remember that you need to install the Fusion Core plugin first and then followed by the Fusion Builder plugin. Repeat Steps 3 to 5 until you finish installing and activating all the desired plugins. So, this is how you can install Avada Theme on your WordPress site. If you have any questions or queries regarding this tutorial, please let us know in the comment section given below.

The homepage is one of the essential parts of a website. It is an easy task to set and edit the homepage in WordPress. In a WordPress platform, the newly uploaded blogs and posts are displayed on the website’s homepage by default. For some type of sites like Blogs and News sites, this process is perfect. But it does not make sense for other websites as most of the companies are looking for static homepages. For such companies, the homepage of their website should have information about their products, services, etc., and a blog is a secondary section. So, it is essential to set and edit the WordPress homepage. Mainly, we edit or set the home page to achieve the following goals. It helps to generate more sales and helps to focus on the services. It helps in increasing email subscribers and get more leads. If you do not want to post the blogs on the landing or homepage. Steps to Set a Static Homepage via WordPress As discussed, some companies like to display their company’s services and products on the landing page. Some likes to add a product gallery or slider to their homepage and even would like to change the homepage to a static homepage. For all these mentioned criteria, we can set the homepage in WordPress. Most of the premium themes you purchase require the immediate switch of the homepage to a static homepage. To set a static homepage in WordPress, follow the below process. First of all, Log in to WordPress as an admin/root user. Navigate to the ‘Settings’ option in the left-side menu bar and select the ‘Reading’ option from the drop-down to open your homepage settings. In the ‘Reading Settings’ page, navigate to the ‘Your homepage displays’ section. If you want to change the display settings from the default ‘Latest posts’ option to the static home page, click the ‘A static page’ option to set the new homepage. After the selection, WordPress reveals two options. The first one is to set the homepage of your website, and the other is for the blog posts. If you already have multiple pages on your website, you can select the pages for the two options from the list. Please note that you need to create and publish the pages before being able to select them. Finally, hit the ‘Save Changes’ button. Now, visit your website to check if the homepage got changed to the static page. Steps to Set the Blog Page as Homepage First of all, Log in to WordPress as an admin/root user. Now, Navigate to the ‘Settings’ option in the left-side menu bar and select the ‘Reading’ option from the drop-down to open your homepage settings. Then, change the display settings to ‘Your latest posts’ to set the blog page as the homepage. After that, you can make some changes depending on how you want the blogs to show up. For that, follow the steps: First, set how many posts get displayed on a single page in the text bar next to the ‘Blog pages show at most’ option. Next, you can set the count of RSS feeds in the text bar next to the ‘Syndication Feeds Show the Most Recent’ option. Then, you can set how the post should appear. If you select the ‘Full text’ option, all the details of the post get displayed on the page. But if you select the ‘Summary’ option, only a summary of the post gets displayed on the page. After the selection, hit the ‘Save Changes’ button to apply the changes. Steps to Create a WordPress Menu Most of the WordPress themes do not implement a menu automatically. Therefore, to create a WordPress menu, follow these steps: Navigate the ‘Appearance’ tab in the left-side menu bar of WordPress. Click the ‘Menus’ option. In the Menus page, either select an existing menu from the drop-down or click the ‘create a new menu’ link. Then, select the categories, such as posts, pages, tags, and more that you want to add to the menu or add a custom link as an item on the menu. After the selection, click the ‘Add to Menu’ button. Drag the menu items to reorder or nest the menu. After that, select the display location of the menu from the list and click the “Save Menu’ button. Navigate to the ‘Manage Locations’ tab to set the primary or main menu and the footer menu from the drop-down. The menu locations vary with each theme. After that, click the ‘Save Changes’ button. So, this is how you can create and set a menu in your WordPress site. Keep in mind that each WordPress theme is different and the number of menu locations available in the layout might vary from theme to theme.  

BuddyPress is a free, open-source social networking software package. It is also known as a social network in a box. BuddyPress is a WordPress plugin that helps to transform any platform into a social network platform. It allows companies, schools, colleges, or other niche communities to start their communication tool or social network. The integral functional elements of WordPress engines, such as themes, widgets, and plugins, can inherit and extend BuddyPress. That means you can mix-match the features offered by these plugins, themes, and widgets to customize the social network. In this knowledgebase, you learn the steps to install BuddyPress in WordPress and to build a social website with this BuddyPress plugin. Steps to Build a Social Website using BuddyPress To build a social networking website for your organization using the WordPress plugin BuddyPress, follow the below steps: 1) INSTALL A WORDPRESS THEME Log in to WordPress as an admin user. Go to the ‘Appearance’ tab and open the ‘Themes’ page. Then, select a social network theme from the list. In this knowledge base, we are using ‘Quest’ as the WordPress theme. Click the ‘Install’ button to install the theme. After the installation, click the ‘Activate’ button to activate the theme on your website. 2) INSTALL THE BUDDYPRESS PLUGIN To install the BuddyPress plugin to your WordPress platform, follow the below steps: Log in to the WordPress dashboard as an admin/root user. Navigate to the ‘Plugins’ section and click the ‘Add New’ option. Then, search for BuddyPress in the search bar at the right-side corner of the page. After locating the plugin, click the ‘Install Now’ button. After the installation, click the ‘Activate’ button to activate the plugin on the website. 3) CONFIGURE BUDDYPRESS TO WORK WITH THE PLUGIN After the installation of both BuddyPress plugin and theme, we need to make sure that the BuddyPress plugin can work with the installed theme. For the same, we need to configure the BuddyPress plugin. To configure the plugin to work with the installed Quest theme, follow the below process. Log in to the WordPress dashboard as an admin user. Navigate to the ‘Plugins’ section and select the ‘Installed Plugins’ option. Select ‘BuddyPress’ from the list and click the ‘Settings’ option.     Then, configure the BuddyPress plugin by using the following process. Go to the ‘Components’ tab in the BuddyPress settings page. On this page, the site administrator can enable or disable actions that impact the communication between the users in the social network. Extended Profiles: When this action gets enabled, one can add custom fields to the user profile. Account Settings: Enabling this action can help the user to change their account and notifications from the profile screen directly. Friend Connections: This action helps the user to send friend requests to other users in the network. Private Messaging: Enabling this action helps the user to send private messages to other users or groups. Activity Streams: Enabling this action helps users to view the other user’s activities, such as comments, threads, mentions, favoriting, and direct posting. Notification: Enabling this action allows users to receive notifications, such as private messages, friend requests, and more. Site Tracking: This action allows us to view the activity records related to new comments and posts. User Groups: This action allows users to create private, public, or hidden groups.   The options tab of the BuddyPress settings page helps the user to allow or disallow actions from a registered user.   Next, in the ‘Pages’ tab, you can set these three labels: Members, Activity, and User groups. Create the registration and account activate pages and then add these pages in the ‘Registration’ section of the ‘Pages’ tab. After that, click the ‘Save Settings’ button. Please note that, if you could not see this option, navigate to the ‘Settings’ option, and click the ‘General’ option. Then, select the checkbox next to the ‘Anyone can register’ option. 4) USE BUDDYPRESS WITH THE THEME Navigate to the ‘Appearance’ tab and select the ‘Menus’ option. Then, click ‘Screen Options’ from the top right-side corner. Mark ‘BuddyPress’ and again click ‘Screen Options’. 5) CREATE A MENU FOR THE NAVIGATION BAR If your website already has a menu bar, delete the same before starting this process. Click the ‘Create a new menu’ option on the Menus page. Enter the menu name as ‘BuddyPress’ and click the ‘Create Menu’ button. Select all the log-in and log-out menus from the list. Then, select the theme location and click the ‘Save Menu’ button. After that, remove the default widgets, and configure a new widget according to your needs. Then, add the created BuddyPress widgets to the sidebar 6) ENABLE USER REGISTRATIONS ON WEBSITE To make the registration process public, follow the below steps: Navigate to the ‘Settings’ tab in the left-side menu bar and select the ‘General’ option. Then, select the checkbox next to the ‘Anyone can register’ option. 7) SETTING UP THE HOMEPAGE To set up a static homepage for your website. Now, you have successfully built a social website using the WordPress BuddyPress plugin. We hope that this knowledge base was helpful to you.

Table Of Content: 🔴 WordPress site redirects to another site 📥What is WordPress Malware Redirect? 📥Instances Of Malicious Code in WordPress site 📥 ‎How to Detect and Clean WordPress Redirect Hack? 📥 How to Prevent future malware redirects 📥 WordPress Malware Removal WordPress website security and protection from malware or malicious code has become more important than ever. Its a well known fact that wordpress is used by more than 40% of websites, due to which it is more prone to hacking attempts than other CMS. Is your site redirecting to another website? Then, you are a victim of redirect hack in WordPress. You might be thinking that how do a malware or malicious code make your website redirect. In this article, we will provide you detailed info about WordPress malware redirect OR url redirect hack fix. According to Sucuri, WordPress malware infections saw a considerable from 83% to 90% in 2019-20. We will show you how to fix wordpress site hacked redirecting to another site ‎🔴 step-by-step. We have also included a video and an infographic (down below) to cleanup malicious redirects in WordPress. You can bookmark for future reference. It’s important to understand this hack so that you can do a cleanup of your website and also prevent it from reoccurring in future. In case you are short of time, we can remove malware from wordPress site. Why my website is being redirected to another site? Often, we come across people asking questions such as why my website is redirecting to another site or to multiple websites. A straight forward answer to website getting redirected is that your WordPress has been hacked and is infected with a malware which sends visitors to a spammy or phishing sites. Know more about WordPress Phishing in this post. Intent behind inserting such malicious redirects can be black hat seo, or obtaining ad impressions. Attacker exploits vulnerabilities present in your wordpress site via a backdoor or malicious scripts which are hidden in source code. In some case, it also throws a 404 error for your wp-admin area. This could be due to an infected wordpress plugin, malware injected .header.php and footer.php or .htaccess. We have seen many instances of such hack where WordPress Site URL Redirects to Another Site and have fixed it successfully. This can negatively impact your business in many ways. These hackers may make out money, data and confidential information from your website. If in any case, your website is being redirected to phishing or malware websites then get ready for the consequences. SEO loss – Yes, of course, Google is not going to take any chance with its reputation and you are definitely going to be penalized by Google maybe your WordPress site gets blacklisted in google. Google may also show “This Site May Be Hacked” warning message alongside your website listing in search results. You host may suspend your website (Siteground suspension). You might get a message like  “this site has been suspended” OR Account suspended contact your hosting provider for more information Breach of Privacy – It could result in data loss and breach of user privacy, in case, visitors download any software from that infected website unintentionally. Branding – A visitor to your hacked site could be redirected to websites selling illegal or spam products which can harm your brand and customers will loose trust in your ecommerce website Revenue Loss – If your website uses WordPress woocommerce for selling products, then it can lead to huge revenue loss as well as theft of sensitive information. What is WordPress Malware Redirect Hack? “WordPress Malware Redirect” or “WordPress Redirect Hack” is a kind of  🔴 exploit where infected site redirects the visitors to malicious website, phishing page and malware websites. It is likely due to the code injected in your WordPress database, that gets your WordPress site redirected to another site. Signs & Symptoms – How To Detect You can easily make out that your wordpress is infected with a redirect malware. Look out for these signs and symptoms to diagnose your site for redirect malware. Is your website redirects to another site Is your WP-admin shows 404 error while logging in your dashboard Are you are unable to access the website dashboard or front end Are you unable to log in admin area of your website Do you come across this error -““ERROR: There is no user registered with that email address” while loggin in wp-admin. In case you come across any of the above mentioned symptoms, get in touch with us right away. Our scanner will thoroughly analyze your website, find the location of the hack & start the removal process. Generally, a malicious WordPress Hacked Redirect is detected through the site’s front end when a visitor is redirected to any other page instead of the page or any website he requested. In most of the cases hackers use a particular malicious code to redirect the website to a porn or scam website to harm your website. Commonly used tricks includes: Adding themselves as a ghost admin on your website Injecting or uploading a malicious code in your WordPress site Executing .php code If any malicious script is added by hackers it’s often named to look like a legitimate file like that’s the part of WordPress core files on the website. Hackers can add malicious code to wp-content/plugins or wp-content/uploads folders, .htaccess, wp-includes, wp-content/themes, or wp-config.php file.   Examples Of Malicious Codes Inserted in WordPress Sites Site Redirect Chain – Redirecting from one site to another, automatically We recently noticed that large number of wordpress sites have been redirecting to malware infected domains such as ibuyiiittraffic[.com] and i.cuttttraffic[.com]. In this kind of redirection malware site webmaster comes across a 404 error on his wp-admin. This is accomplished by infecting the website with backdoor hack or other means of malicious java-scripts being induced by SQL injection or CSS. This is a explicit example of malware redirection ‘chains’ where websites get automatically redirected multiple times before landing on the domain as desired by the attacker. In other instances, it re-directs when you click anywhere on the page or click ALLOW. There are many