1 - 2022 - Ultimate Marketing Group


Our Malware Removal process and the latest WordPress Vulnerability Found by JetPack


Updated: 08/24/2023

A malware removal process is tedious and time-consuming, and over 360,000 websites should start this process soon. On January 18th, 2022, JetPack’s security system discovered a major breach that is used to take full control of a website. The discovery was made last September. The makers of AccessPress themes and plugins were responsible for such an error. The team discovered that the issue involved a compromised website. They found that the malicious code was present in all the plugins and themes from this WordPress creator, but only when downloaded directly from the AccessPress site. Over 360,000 websites could be infected.

Furthermore, they found the same theme or plugin downloaded from the WordPress repository was not infected. This led them to believe the AccessPress site was compromised and that the hackers injected their malicious code into all the themes and plugins. Upon installation of the infected theme or plugin, the malicious code created a backdoor that gives the hackers full site access.

The JetPack team exclusively analyzed themes that are available for free distribution. No conclusion was reached regarding paid premium themes. If you have a paid version of AccessPress, you should check with the support team to see if you are affected.

Most of the affected plugins have been patched and cleaned up, but their themes have not. If you use one of their themes, you should look for help to transition your site to a different theme or clean it up immediately. To fix the issue, you should not only replace the theme or update the plugin, but also take additional steps to remove the infection from the WordPress core files.

Our 10 steps to malware removal

We use a very thorough clean-up process. Here are the steps we take to make sure all infected files are removed.

1- Zip and Download – Gather all your website’s files, compress them into a zip file and download them to your local computer. Most users tend to want to have the files replaced while still on the web hosting, but this can only create a never-ending cycle, as other infected files could still infect the clean files, and it produces a poor user experience for your visitors.

2- Maintenance Page – Once the files are zipped and downloaded, they should be removed from the web hosting, to avoid a poor user experience while cleaning the hack. An ‘Under Maintenance’ page should be created to avoid creating skepticism with site visitors.

3- Reinstall core files – To fix a hacked WordPress site, download a fresh copy of the same version of WordPress being used on the infected site. Replace the core files with the downloaded files. Then delete the wp-includes and wp-admin folders, as well as any WordPress root files. Do not delete the “wp-content” folder or the “wp-config.php” file.

4- Verify non-WordPress files – Manually check any foreign files that are not supposed to be in the main WordPress directory. This encompasses all files that begin with “wp-”. If it is decided that a file does not belong to the site, it should be removed.

5- Replace themes and plugins – Following the replacement of the core files, you should proceed to replacing all plugins. Download files from the WordPress repository whenever you can. If you are using premium plugins, make sure to scan the zip file with VirusTotal to ensure that the downloaded version is clean. If developers haven’t cleaned up their themes or plugins, it’s necessary to manually scan and remove any malicious code or files. This could be one of the most time-consuming parts of this process.

6- Scan the database – You often see the database infected as well. A copy of the database file should be downloaded and scanned for any injected malicious code. This is also a manual process, searching for the most common code injections and removing them. We use various open source tools, such as SonarQube.

7- Scan and double check – Before launching the site again, a full local scan should be done. Tools like the WPScan command-line tool and SonarQube can help. If no infected files are found, then launching the site is safe. If infected files are still found, the process starting with replacing core files should be repeated.

8- Launching the site – Zip the freshly scanned files and upload them to the web hosting. Remove the ‘Under Maintenance’ page files and unzip your clean files. Replace the database as well with the clean one, even if it wasn’t infected. Open and inspect the entire site from the visitor’s perspective.

9- Securing your site – Following a hack, you will want to increase security. Using a plugin such as Wordfence or Sucuri will help you scan your site from within the WordPress backend. Passwords for all users should be reset; make sure to use strong passwords.

10- Maintenance – Updating plugins, themes and WordPress, in addition to frequent scans, will help you avoid losing your site to a hack. Most security plugins can run scans on a schedule and report if they find anything suspicious.
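The comparison behind steps 3, 4 and 7 can be scripted against the local copy. The following is an added example, not part of our original tooling: it hashes every file outside wp-content and wp-config.php and compares it with a freshly downloaded copy of the same WordPress version. The function names and the sample file names are made up for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

KEEP = {"wp-content", "wp-config.php"}  # site-specific items step 3 keeps


def tree_hashes(root: Path) -> dict:
    """Map relative path -> SHA-256 for every file under root, skipping KEEP."""
    out = {}
    for p in root.rglob("*"):
        rel = p.relative_to(root)
        if p.is_file() and rel.parts[0] not in KEEP:
            out[rel.as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return out


def compare(site: Path, clean: Path) -> dict:
    """Classify site files against a clean copy of the same WordPress version."""
    s, c = tree_hashes(site), tree_hashes(clean)
    return {
        "modified": sorted(f for f in s if f in c and s[f] != c[f]),
        "foreign": sorted(f for f in s if f not in c),  # step 4 candidates
        "missing": sorted(f for f in c if f not in s),
    }


def demo() -> dict:
    """Constructed sample trees; file names and contents are made up."""
    with tempfile.TemporaryDirectory() as tmp:
        site, clean = Path(tmp, "site"), Path(tmp, "clean")
        core = {"index.php": "<?php // front controller",
                "wp-includes/version.php": "<?php $wp_version = 'X.Y';",
                "wp-admin/admin.php": "<?php // admin"}
        for root in (site, clean):
            for rel, body in core.items():
                f = root / rel
                f.parent.mkdir(parents=True, exist_ok=True)
                f.write_text(body)
        (site / "wp-includes/version.php").write_text("<?php /* altered */")
        (site / "wp-cache-old.php").write_text("<?php // not in clean copy")
        (site / "wp-config.php").write_text("<?php // site settings")
        (site / "wp-content").mkdir()
        (site / "wp-content/notes.txt").write_text("site data, skipped")
        return compare(site, clean)


if __name__ == "__main__":
    print(demo())
```

Anything reported as modified or foreign still needs the manual review described in step 4; wp-content is skipped here because themes, plugins and uploads are handled separately in step 5.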

Conclusion

A CVE has been created if you are interested in more details.

CVE: CVE-2021-24867
Vendor: AccessPress
URL: https://accesspressthemes.com

For a list of all the themes and plugins affected, as well as the version you need to update to in order to remove this malware, you can check the WPScan CVE entry.

If you need help with any part of the process above or would like a security assessment of your site, feel free to contact us.


WordPress 5.9: What to expect in this big update?

WordPress 5.9 is scheduled to be released on January 25th, 2022 after a short delay, and it brings some powerful enhancements. WordPress has been focusing on improving Gutenberg to produce the next big thing. Numerous debates arise, suggesting that once Gutenberg achieves more sophisticated capabilities, several page builders will face challenges in keeping up with competition.

What is the Gutenberg or Block editor, if you are new to WordPress, web development, or web administration? It was first introduced in 2018 with the release of WordPress 5.0. Gutenberg can be seen as WordPress’s take on a “page builder,” so to speak. You can do similar things as you would with a page builder: create a row with multiple columns, add different content to each column, etc. Each of these elements is called a block. Hence, the name “Block Editor” (think of it as if you were building with Legos).

While the first release of Gutenberg lacked a lot of features, many WordPress users stayed with their traditional page builders and the now “classic editor”. With each WordPress update, Gutenberg has been continuously evolving. In addition, there are many third-party add-ons available to enhance any missing features. This makes it a great, lightweight, and functional native “page builder”. Gutenberg is a powerful tool that can greatly enhance your website’s loading times by being lightweight and lightning-fast.

Back to WordPress 5.9. As we mentioned, WordPress has been focusing on improving Gutenberg and this update is not short of that. Here are 3 things that every WordPress user should look forward to, whether you are a developer, designer, or just an admin.

Full Site Editing (FSE)

So far, Gutenberg has been a valuable tool for creating pages, and it has recently been integrated into the widgets’ area as a new addition to WordPress 5.8. However, it was still lacking the ability to create your own header. You had to rely on whatever header options the theme provided. Well, that will no longer be an issue, as long as the theme supports it. These themes that support the block editor are called “block themes” and are a bit different from your traditional WordPress theme. We won’t elaborate in this post on the difference between the two, but will talk about it in a separate post in the future.

In WordPress 5.9, and with the usage of the Twenty Twenty-Two theme at the moment, you are able to design the header of your site. You could have different headers on different pages, or the same header across all pages. That kind of header-building functionality is something you would only see in “website builders” rather than page builders, such as Visual Composer, Elementor, and Divi, but now it will be included natively. That said, many block-focused themes, such as Blocksy, Ocean WP, and Kadence themes, to name a few, already offer this type of functionality.

Although FSE may initially have some limitations, it is a significant step in the right direction for WordPress, as it represents a clear improvement over the block editor. Expect more block themes in the upcoming year as FSE evolves.

Enhanced Lazy Loading Performance

Another upcoming feature that will help websites improve their page speed test results is enhanced lazy loading. WordPress added lazy loading to images in version 5.5 and to iframes in version 5.7. That was a great addition, but it also brought another problem. When running a page speed test, the “Largest Contentful Paint” (LCP) and “First Contentful Paint” results increased. That’s because any image above the fold (top one-third of the web page) should not be lazy loaded. According to Google, it delays the page from loading completely, therefore increasing page load time.

WordPress is looking to fix that with this release. As reported by WordPress, based on a test they ran on 50 popular themes, they saw an LCP improvement and up to 30% faster page load. That is a huge improvement. If you’re interested in diving into the nitty-gritty technical details, take a look at the WordPress 5.9 Enhanced lazy-loading performance section on the WordPress website.

Blocks + Intrinsic Web Design

“One of the biggest points of friction for pattern and theme builders are the lack of responsive tools available at a block level. This needs to be solved in a way that doesn’t disproportionately increase interface complexity.”

According to WordPress, that’s why this improvement is needed. Most responsive frameworks flow naturally as you see them on smaller devices or as you shrink your browser window. Gutenberg has been having some issues in this area. While there may not be a lot of detailed information on how exactly they intend to address these specific issues, our understanding is that their plan involves implementing additional control settings for each block, alongside enhancing the natural responsiveness of the blocks. If you use other page builders, they have settings based on the device. For example, let’s say you have a block that on desktop you want to add a large padding, but on tablet and mobile that padding needs to be smaller. You will now have the option to do so. We assume from WordPress’s preliminary road map info, this is what they are looking to achieve. As of the writing of this post, we have tested the latest beta version (5.9-beta4-52432), and we are yet to see any different settings on each block. We will continue testing the beta version and update this post as needed.

Conclusion

As you can see, WordPress wants to compete with other page builders out there. They are trying to build a more attractive and easier-to-use WordPress for everyday users. This type of competition is good for the end user. We will start to see other established page builders enhance their tools in order to improve performance. More than half of WordPress websites now prefer Gutenberg over the classic editor. We decided to start embracing it on recent projects, and the difference it makes in page speed over traditional page builders is staggering. The future of WordPress is looking bright, and we certainly look forward to what WordPress 6 will bring.

We are here to offer our assistance in preparing your site for the new release, whether you need help testing Gutenberg or the latest version of WordPress. Feel confident in exploring all the exciting new features with our support.