WordPress Malware Removal

Here is are the how to get Google Chrome to remove the malware notice on your website:

  • Google detects malware on your WordPress website, flags your website and the red screen warning appears to anyone trying to visit your website.
  • Google publishes this information so that other browsers such as Firefox and Safari are made aware of the issue. Many of these browsers will start posting their own warnings.
  • Use Wordfence or other WordPress malware removal plugin to scan your site or hire an outside service to scan and check your website.
  • Once you're done removing the malware from your website, you'll need to request a review of your website through Google's Search Console.
  • If the malicious code has been removed and you get the all clear from Google the red warning will be removed and you're on your way. The appeal process usually takes a couple of days from the time of submission.
  • If you submit your appeal to Google and all of the malware has not been removed then Google can take 2-4 weeks to rescan your website and remove the warning.


How to remove malware from your wordpress website

How to remove malware from your WordPress Website:
Step 1: Scan your website and remove malware

Website security

Pay close attention to the updates menu in WordPress. There are frequent updates to WordPress, PHP Versions (the code that runs WordPress) and Plugins.

Do it Yourself WordPress Malware Removal

Wordfence Security is a website security plugin designed specifically for WordPress. Wordfence does an excellent job of cleaning out malware if your WordPress websites been infected. It does a great job of preventing it in the first place. The problem is most WordPress sites either don't install Wordfence or something similar or, they install the free version which has a 30 day delay built into it's threat awareness database.

Spring for the premium version. It currently sells for $119 per year so it's inexpensive protection against malware attacks.

If you have suffered a malware attack, install the premium version and run through the set up process. Scans run during set up by Wordfence should remove any malicious code.

Fixed.net Malware removal for WordPress
wordpress malware removal by fixed.net

Hire a Service for WordPress Malware Removal

Fixed.net offers a WordPress malware removal service that is affordable and, based on the reviews, reliable. The charge for a "one off task", (removing malware) is currently listed at $99. They have great reviews according to Trust Pilot and may be just what you need. Especially if you were unsuccessful in removing malware on your own using Wordfence.

In addition to malware, malicious code can also set up links on your WordPress site that can reinfect your website. Cleaning these up can take a bit more expertise that just installing a program like Wordfence.

You'll also want to make sure your plugins and PHP version stay as current as possible. WordPress will notify you when these needs to be updated.

You can find Fixed.net here:


How to remove malware from your WordPress Website:
Step 2: Submit your cleaned website to Google for review

wordpress malware removal

Get Google Ads reapproved after a malware infection:

We mention the sub domains because we've had issues when recovering from a malware attack. The root directory had been given the all clear by Google and the red screen of death had been removed.

However, because we ran the landing pages through HubSpot and the set up was via a url, it did not clear the sub domain and we could not get our ads reapproved.

If this is the case, you'll need to set up a new search console property as a domain, not a url, and then reapply to Google Ads to get your domains cleared up and your ads reapproved.

Request a review from Google via Search Console

After you've scanned your WordPress website for malware and it's determined to be all clear, you'll need to request a review from Google.

Keep in mind; you want to get this right the first time, if you have to resubmit your website it could take even longer to have it reviewed by Google and cleared.

One other important note, many websites set up Google Search Console with a url. This works fine as long as it's set up properly, ie it's the root domain and there are no sub domains. A sub domain would look like this:


There are a lot of reasons to create a sub domain but they happen most often when you're using other tools for marketing automation. HubSpot makes you set up a sub domain for their marketing automation platform and this is where they place any landing pages you've created.


Sub domains should not be confused with sub directories. Sub directories come after the root domain and will get picked up no problem if you have your website set up as a url within search console.

Partner with Digital Direct to ramp up your sales and marketing.

Digital Direct specializes in developing B2B marketing campaigns that work. Contact us today to learn more.