Clean hacked WordPress website. Remove WordPress malware for free.

how to clean a hacked wordpress website for free

How to clean a hacked WordPress website for free. WordPress malware removal tool.

Is your WordPress website loading slow or not at all? Are your website visitors complaining about popups and redirects? If so, you may be a victim of a hacked WordPress website.

The Problem

A clients website was loading very slow, popups were being displayed on the website and visitors were being redirected to other sites.

GTMetrix showed that it was only around 1MB in size and the load time was about 20 seconds. Obviously something was seriously wrong. I contacted the web host and they showed no issues on their end, so I went to work on the website.

You can check your GTMetrix score here —–>> GTMetrix

The site had Wordfence installed and activated. I ran a full scan and Wordfence didn’t find anything wrong.  I knew I had to find something better to remove the malicious code and repair the hacked WordPress website.

The Solution

After a couple hours of trial and error, I came across this little gem —–>> GOTMLS Anti-Malware Security and Brute-Force Firewall.

The installation and setup process is very straightforward. The easiest way to install the plugin is through the “add new plugin” section on your WordPress site. Search for GOTMLS, install, then activate.

It’s pretty much plug-and-play, but you do need to register the plugin and manually download database updates. Not a big deal.

The scan took about 2 hours to complete on the infected website. GOTMLS found several issues and removed them all.

The website instantly started loading in about 1.5 seconds and has not had any issues since. This is, by far, the best plugin I have found to remove rogue ads and clean a hacked WordPress website.

I am currently running GOTMLS and WordFence without issue.



  • Run a Complete Scan to automatically remove known security threats and backdoor scripts.
  • Firewall block SoakSoak and other malware from exploiting Revolution Slider and other plugins from known vulnerabilities.
  • Upgrade vulnerable versions of timthumb scripts.
  • Download Definition Updates to protect against new threats.

Premium Features:

  • Patch your wp-login and XMLRPC to block Brute-Force and DDoS attacks.
  • Check the integrity of your WordPress Core files.
  • Automatically download new Definition Updates when running a Complete Scan.


From the author ~ “This Plugin was created to help WordPress admins clean infections off their site. It was inspired by my own need to to clean up one of my BlueHost accounts after a pretty bad hack (see How It All Started)”