If your site is behaving strangely, redirecting visitors, or flagged by Google, it may be infected with malware. Here's how to scan and clean your site.
Scanning with Imunify360
In cPanel, open Imunify360 > Malware Scanner and click Start Scan. It scans all files in your account. Infected files are shown with severity rating and options to clean, quarantine, or ignore.
WordPress: Scan with a Plugin
Install Wordfence Security or Sucuri Security in WordPress. Run a full scan from the plugin dashboard. These tools check WordPress core files, themes, and plugins against known malware signatures and integrity baselines.
Cleaning an Infected Site
- Take a backup immediately (so you have a record of what was infected)
- Use Imunify360 or Wordfence to clean detected files automatically
- Change all passwords β cPanel, FTP, WordPress admin, database
- Update all themes, plugins, and WordPress core
- Remove unused themes and plugins
- Request a Google Search Console review if your site was flagged by Google
Preventing Future Infections
- Keep software updated β outdated plugins are the #1 infection vector
- Use strong, unique passwords and 2FA
- Don't install nulled/pirated themes or plugins
- Regularly review user accounts for unauthorized additions