WordPress Malware Removal And SSL Installation

When it comes to web security, housekeeping and maintenance is just as important as proper development. For WordPress, housekeeping should ideally be done at least once every three months.

Luckily, maintaining a WordPress website isn’t too hard.

  • Make sure your plugins and themes are up to date.
  • Make sure you use plugins that are actively maintained.
  • Take proper backups of database and files.
  • Remove plugins and themes that you do not use.

An old client of mine, whose name won’t be mentioned for obvious reasons, recently reached out to me when Google showed the warning message, “This site may be hacked”.

This Site May Be Hacked

Here is what I did to revive the website and remove the warning. 

  • I started by making a full backup as I always do. Saved a local copy of the backup just in case.
  • Made a screenshot of all the inactive plugins and deleted them.
  • Deactivated and removed plugins that were no longer essential.
  • Deactivated and removed duplicate plugins.
  • Deleted default themes and themes that were not used.
  • Updated WordPress to the latest version.
  • Updated all plugins to the latest versions while testing for changes in the front end.
  • Installed Wordfence Security plugin and ran a scan to discover potentially infected files. The scan also revealed plugins that were no longer maintained.
  • The scan revealed malware infection in couple of files. Removed that manually.
  • Replaced the plugins that were no longer maintained with plugins that had an active development cycle.
  • The host was on Bluehost and was paying quite a bit for shared hosting. I recommended that they move to DigitalOcean which was cheaper and had better resources than their current plan.
  • I setup the DigitalOcean server and moved the website to the new host.
  • Hardened WordPress for maximum security.
  • Installed Let’s Encrypt SSL certificate and setup a cron job to auto renew every 90 days.
  • Scanned website for broken links and fixed if any.
  • Installed browser caching.

Final Step – Removal Of ‘This Site May Be Hacked’ Warning.

This requires a manual review by someone at Google. I added the website to my Webmasters tools and requested a review explaining the steps I took to clean up the install.

The review took about a week and the result was positive. Another happy client!

Hello, I am Arun Basil Lal. Thank you for reading!

I am a WordPress product developer and creator of Image Attributes Pro. I am passionate about solving problems and travelling the world.

Divi WordPress Theme - My Review

Divi WordPress Theme
Divi is a WordPress theme that web designers do not want you to know. It comes with a drag-and-drop theme builder. You can build beautiful looking unique websites without touching a line of code. Just choose from one of the many pre-made layouts, or pick elements and arrange them any way you like.

Divi is every WordPress developer's wet dream. Surprise your clients with neat responsive websites and have fun building them.

Divi comes from Elegant Themes. If you enjoy building websites, you *need* an Elegant Themes membership. 87 beautiful themes and 5 plugins for the cost of less than a candy-bar each!

Note: I am an avid user of Divi myself and this is a honest review. I wouldn't recommend something that I do not personally find amazing.


  1. TheAnand says:

    I recommend using something like https://wordpress.org/plugins/really-simple-ssl/ to save time. It basically converts all http calls to https such as stylesheets or blog images. Just plug and play for most installations. WordPress does not provide a way to bulk change the image path called within a post, so if it is a huge site, this plugin helps.

Leave a Reply

Your email address will not be published. Required fields are marked *