Title: WordPress Malware Removal Last modified: March 30, 2019 --- # WordPress Malware Removal * Resolved [themess23](https://wordpress.org/support/users/themess23/) * (@themess23) * [7 years, 2 months ago](https://wordpress.org/support/topic/wordpress-malware-removal/) * My website has malware on it, and I am unsure how to remove it. I have the WordFence plugin installed but received no emails regarding this issue. I cannot log on to my WordPress dashboard either. * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fwordpress-malware-removal%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 3 replies - 1 through 3 (of 3 total) * [johnrdiehl](https://wordpress.org/support/users/johnrdiehl/) * (@johnrdiehl) * [7 years, 2 months ago](https://wordpress.org/support/topic/wordpress-malware-removal/#post-11376501) * I too ran into an issue trying to login to my WordPress dashboard. The site gave a 404 error for both wp-login.php and wp-admin. I tried in both Firefox and Safari browsers, so I know it was not just a typo. A short while later, I was able to successfully login. I did delete a suspicious, empty folder named upgrade from the host side, but don’t know if this is really related or not. * [WFGerroald](https://wordpress.org/support/users/wfgerald/) * (@wfgerald) * [7 years, 2 months ago](https://wordpress.org/support/topic/wordpress-malware-removal/#post-11391637) * Hey [@themess23](https://wordpress.org/support/users/themess23/), * I’m sorry to hear this has happened. My best suggestion would be to: - Change your sftp/ftp credentials. - Do a clean wipe on the server. - Reinstall a fresh copy of WordPress, and install Wordfence before any other plugins. - Reinstall fresh copies of all other plugins. - Once everything is reinstalled make sure you have a strong password, and I’d suggest using two-factor for added security. * [https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/](https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/) * If you don’t feel comfortable doing this or the site becomes reinfected I’d suggest reaching out to a hack repair service to have the site professionally cleaned. There are many options out there including Wordfence. * Good luck! * Gerald * [WFGerroald](https://wordpress.org/support/users/wfgerald/) * (@wfgerald) * [7 years, 2 months ago](https://wordpress.org/support/topic/wordpress-malware-removal/#post-11397511) * Hey [@johnrdiehl](https://wordpress.org/support/users/johnrdiehl/), * If that upgrade folder was in wp-content it belongs to W3TC and likely wouldn’t be a concern. * In the future please start you own post [per the forum guidelines](https://wordpress.org/support/guidelines/). * Thanks, * Gerald Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘WordPress Malware Removal’ is closed to new replies. * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865) * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/) * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq) * [Support Threads](https://wordpress.org/support/plugin/wordfence/) * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/) * 3 replies * 3 participants * Last reply from: [WFGerroald](https://wordpress.org/support/users/wfgerald/) * Last activity: [7 years, 2 months ago](https://wordpress.org/support/topic/wordpress-malware-removal/#post-11397511) * Status: resolved