WordPress Malware Cleanup Case Study: How I Fixed a Hacked GoDaddy Website

A few days ago, a client came to me on Fiverr with a serious problem related to WordPress Malware Cleanup. Her website was hacked and visitors were getting redirected to malicious websites. The website was a car rental business website, so this issue was very dangerous for her business. Customers were losing trust, and there was a high chance of losing bookings and revenue.

The client was very stressed and wanted an urgent fix.

I assured her that I would investigate the issue and clean the website as fast as possible.

Getting Access to the Website

First, I asked for the hosting access. The client told me the website was hosted on GoDaddy hosting. There was no cPanel access available. She only provided:

• FTP Access
• SSH Access

I also asked whether she had any backup of the website. She was not sure about that.

Since backup is the first and most important step before working on a hacked website, I decided to create a backup myself.

Using SSH access, I created a full ZIP backup of all website files. At that moment, I did not have database access, so I could not take the database backup immediately. The client later confirmed she would send database access soon.

Because I was starting with WordPress file cleanup first, I continued the work.

Step 1: Checking the WordPress Core Files

I first checked the WordPress version running on the website.

The site was using WordPress version 6.9.4.

To make sure the WordPress core files were clean, I downloaded a fresh copy of WordPress 6.9.4 and replaced all WordPress core files through SSH.

Usually, many malware infections modify WordPress core files. Replacing them with fresh files removes many hidden malicious codes instantly.

But after replacing the core files, the website was still redirecting visitors to malicious links.

So I understood the malware was hidden somewhere else.

Step 2: Investigating .htaccess Malware

Then I started checking .htaccess files using SSH.

I ran a command to search all .htaccess files inside the hosting account.

The result shocked me.

There were 862 .htaccess files inside the hosting.

Normally, a WordPress website should not have hundreds of .htaccess files.

This was a strong sign of malware infection.

Then I opened several .htaccess files and checked the codes manually.

I found suspicious malicious rules like this:

At that moment, I confirmed most of those .htaccess files were generated by malware.

Only a few .htaccess files were legitimate. Most were fake and harmful.

So I removed all malicious .htaccess files carefully.

Step 3: Website Became White Screen

After removing the malicious .htaccess files, the redirect problem stopped.

But the website started showing a white screen.

Actually, this was a good sign.

It meant the malware redirect system was broken and the malicious code was no longer working.

I also tested the wp-admin login page and successfully logged into the WordPress dashboard.

That confirmed the main malware attack was already controlled.

Step 4: Deep Malware Scan Using Security Tools

After getting access to the dashboard, I installed the WordPress security plugin:

• Wordfence Security

Then I started full malware scans using:

• Wordfence Security
• Virusdie Premium Scanner

After around 10 minutes, Wordfence detected 138 infected files.

Many people make one big mistake here.

They simply delete every infected file.

But that is dangerous.

Because many infected files are actually important theme files or plugin files. Malware attackers inject malicious code inside legitimate files.

If those files are fully deleted, the website can become broken.

So I manually checked all 138 files one by one.

• Fully malicious files were completely removed
• Theme and plugin files were cleaned manually
• Only the injected malicious code was removed
• Original file structure was kept safe

This process takes time, but it is the proper and professional way to clean a hacked website.

Step 5: Final Verification

After cleaning all infected files, I started another malware scan.

This time, both Wordfence and Virusdie confirmed the website was clean.

Then I tested the website carefully:

• Normal browser mode
• Incognito mode
• Different pages
• Admin dashboard
• Contact forms
• Website redirects

Everything worked perfectly.

No malicious redirect was found anymore.

The website was fully clean and operational.

Step 6: Securing the Website

Cleaning malware is not enough.

If security is weak, hackers can infect the website again.

So after cleanup, I updated:

• WordPress themes
• Plugins
• Security settings

Then I checked all administrator accounts.

I searched for suspicious users and removed unknown admin accounts.

Finally, I advised the client to immediately change all passwords including:

• WordPress password
• FTP password
• SSH password
• Hosting password
• Email password

Because if attackers still know old passwords, they can easily re-enter the website.

Final Result of WordPress Malware Cleanup

At the end of the project:

• Malware was fully removed
• Redirect issue was fixed
• Website became safe again
• Admin access was restored
• Security was improved
• Website was running normally

The client was extremely happy because her business website was working properly again and customers could safely browse the website.

Tips to Prevent WordPress Website Hacking

Here are some important tips every website owner should follow:

• Always keep WordPress, themes, and plugins updated
• Never use nulled or pirated themes/plugins
• Use strong passwords for admin, hosting, FTP, and email
• Install a trusted security plugin like Wordfence
• Take regular full backups of files and database
• Remove unused plugins and themes
• Enable two-factor authentication if possible
• Use trusted hosting providers with good security
• Regularly scan your website for malware
• Limit admin users and remove suspicious accounts quickly

A small security step today can save your business from huge damage later.