Have your WordPress website affected by monit.php malware? If yes then go through this article about how to remove monit.php malware from your WordPress website. Also if your WordPress website haven’t affected by monit.php malware then be cautious about it.
It’s the most dangerous malware also known as monit.php plugin which remains invisible on your installed plugin list and injects malicious codes on your WordPress core files without your knowledge. Also you may see an unusual behavior on your live site.
What is monit.php malware and what it can do to your website?
If you search for a plugin named monit, you can find that there is a plugin listed with that name on wordpress plugin repository. By this plugin you can monetize your website by various ad services like Google adsense.
Now hackers are managing this plugin by injecting malicious codes and also with their own ad codes. This can inject malicious codes to your themes functions.php file as well as wp-includes/post.php file.
It also creates a file wp-includes/wp-cd.php and your most visited pages or all pages will start showing annoying ads. Moreover this plugin hacks your admin IP’s by injecting a file called wp-content/plugins/admin_ips.txt.
How you can ensure that your WordPress website is affected by monit.php malware?
Whenever you see an unusual behavior on your WordPress site or see annoying ads on your sites pages then immediately login to your root control panel or SSH to server. Then look at the functions.php files of every theme and plugins.
You can find there a long unusual code in this file. look at the image for easy reference of that code. Also look at the wp-content/plugins/ folder if there a file named as monit.php or not. If you find these code and file there then it ensures that your website is affected by monit.php.
How to remove monit.php malware from your WordPress website?
To remove infections immediately from your site, follow the simple steps mentioned below. That can initially remove all the annoying ads and unusual behaviors from your website. Before doing that it is advisable to create a full backup of your entire site by which you can restore the site easily if anything goes wrong while removing the malware codes and files.
- First step is carefully remove the unusual code from functions.php – Login to root and open public_html/wp-content/themes/my_theme/functions.php. Edit the file and remove the long unusual code from functions.php file of your theme as shown above. If you are using a child theme then also check parent themes functions.php file for that code.
- Delete monit.php file – Now go to wp-content/plugins/ folder, look for monit.php file and delete it permanently.
- Delete admin_ips.txt file – In wp-content/plugins/ there may also be a file called admin_ips.txt file. If it is there then also delete it permanently.
- Search for other files – Now look at the wp-includes/ folder for the file named as wp-cd.php. If the file is there then delete it permanently.
- Find other malicious codes – The optional step is look for the file wp-includes/post.php for any unusual or malicious code injected on that file or not. If you find some then delete the codes. Remember that this is a must required file of your WordPress installation and if you do not have much knowledge of coding then leave it from editing.
- Install security plugin – If you have not installed any security plugin previously then install a security plugin immediately. The popular and effective security plugin is Wordfence security plugin. Install and configure the plugin and run a full scan. This will scan for any malicious codes on your WordPress files and enable you to fix that right from the Wordfence scan page.
These simple steps will remove the malware from your site. If you feel that your site is still affected by malware then you may need to find a malware removal service (Paid) to completely remove any malware or viruses from your entire site.