I've been dealing with malware lately, somehow it's annoying and was about to do a clean install in my wordpress site. The thing is, it's always in my wordpress but not in my other custom made website frameworks and I installed it from the instant installation in my hosting which is Godaddy. Well next time i'll try to install using wordpress.org and see will it add another malware.
After researching these are my steps
- Change new password in wordpress admin and hosting
- Backup wordpress, update / uninstall plugin if necessary, update theme
- Then download Wordfence Security
- Find all infected files usually the one with base64, take it out if it's not core of wordpress or theme else just edit the files and delete them then save.
- Webmaster : Request fixed issues
- add description on how to clean the malware
- then next day google your site using site://www.domain.com