I was shocked to hear that some of our readers were facing issues on accessing their website. Antivirus programs namely Avast and Kaspersky blocked the certain webpages saying that it contained Trojan Horse Downloader.Java_c.B and Trojan.Generic.D2D65AC respectively. No matter that how much people trust on you or in your site, it is never more than the antivirus program they use. The reliability of website is in question when such incident happens and the quick action to clean trojan virus from WordPress site has to be taken immediately.
How was Virus or Malware Script Injected?
The most common attack is XSS which is Cross-site scripting enables the attackers to inject harmful codes into the webpages. In many cases, some WordPress website which consisted of few static HTML pages and through which the attacker got access and did the scripting. Another attempt could be of hacking, so it is strongly recommended to contact with the host in order to investigate if your password is stolen.
Continue Reading: https://en.wikipedia.org/wiki/Code_injection
Instructions To Detect Malicious Codes on WordPress
Use a web service to find the suspected malicious codes on the infected website. After scanning a page using any web service, you may get the idea where exactly the harmful codes is exists. Likewise, plugins and theme files if you have already guessed the file. Although, scanning service won’t tell you that where exactly the virus is injected but if you are wise enough and have some knowledge on the installation of WordPress, then the chances are high that you will find out the malicious codes or malware on your infected WordPress website. Also, most prone areas are plugin files and theme function.
Reference Link: https://wordpress.org/support/topic/malicious-code-detection
Nothing Malicious was Detected. Site is Clean?
In some cases, antivirus programs reports false-positives on the certain website. It means that the WordPress website is clean but the program detects some i-frame or script on page as a suspected malware. If you are very much sure that there is no cross script attack or hacking was taken place, then you can report the specific antivirus company about it. Therefore, you have to hunt down all the elements of that webpage to find and clean trojan virus from WordPress site.
For More Info: https://premium.wpmudev.org/blog/get-off-googles-blacklist
Steps To Clean Trojan Virus From WordPress Website
Still, you could not find the trojan code or any page element, then the only options left is to make complete clean-up. This process involved the re-installation of WordPress website completely. It is because sometimes, the malicious codes is hidden in the WordPress core files and investigating each one of them will take days and does not guarantee success.
Backup database and the Image directory.
Write the names of list of installed plugins.
Delete the complete website directory.
Makes free WordPress installation.
Download themes from official and trusted source.
Re-install all the plug-ins.
Restore the Database and the Image directory.
Well, I hope taking above actions will definitely help you to clean trojan virus from WordPress site and make it virus free. Let me know, if you are facing any trouble while removing viruses from your WordPress website or share your experience.