What is the fastest way to remove malware or virus from your WordPress site?

If you are advanced user or willing to learn install ModSecurity. This is a great free GPL application control that monitors every step of your webserver for common and specific malicious attacks.



yum install mod_security mod_security_crs
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git

Then you need to customize httpd.conf to load it into apache and then modify the mod_security.conf file to load your rulesets.

Add additional rules such as the free ones:
OWASP ModSecurity Core Rule Set (CRS)

The downside is you have to apply whitelisting rules, because there will be false-alarms. There is a big learning curve involved. But once you learn it you could do very advanced stuff and protect your entire servers (in terms of attacks directed via web sever).

IF you are not an advanced user OR don’t have the time:
Just search for commercial Website Application Firewall (WAF) providers. They will ask you to change your domain’s dns provider to their own. Then they will filter your traffic before sending it to your server. They site in between your server and the public and filter bad traffic.
This is much easier to do but will cost you a monthly fee per domain. (FYI modsecurity is more extensive control since it monitors your webserver directly BUT depending on your setup you may not have the best rule sets)

Some of these services also offer Virtual Patching. They apply fixes to known exploit attacks to commonly used scripts/CMS/plugs/etc. In theory you could keep running outdated plugin while hiding behind the Virtual patching WAF. This is the advantage of commercial WAF compared to the ModSecurity. (Technically, there are commercial rule set that covers zero day exploit for modsecurity but the server licenses to get these updates is so high that only worth it if you have a lot of sites hosted or you have a mission critical site).

When it come to wordpress most of the time the breach happened because of a well known vulnerability of sort in the CMS or plugins.

There is one specific company that I would recommended but since I am a new here, I don’t want to come across as promoting. ;)

Bonus for those that came across this post (since this will be above the OPs needs: Look into SElinux to safeguard your entire linux server (for advanced users only)