MALWARE REMOVAL
Surgical removal. Confirmed clean. No broken sites.
Automated removal that targets only the malicious code
Surgical removal — only the infected code, nothing else
Goes inside your server via FTP/SFTP to find and remove only the infected code not the files around it. Your themes, plugins, and content come through untouched.
Deep database cleaning — the layer most tools miss
Scans your database tables for injected redirect code, spam links, and phishing payloads that file-only scanners never reach. Removed automatically, without manual SQL edits.
Clean confirmed — visible in your Site Health score
After removal completes, your Site Health score updates in real time. When it turns green, you know your site is clean not just that the scan stopped running.
File-level malware detection and removal
Scan every file on your server — not just what a browser can see
SMART File Scan connects to your server via FTP/SFTP and scans from the inside out, covering files that plugin-based tools and external scanners never reach. Backdoors, injected scripts, and hidden payloads have nowhere to stay undetected.
Remove infections without touching anything else on your site
When SMART finds malicious code inside a legitimate file, it removes only the code matching its malware signatures — not the file itself. Your themes, plugins, content, and custom code come through intact. If the entire file is malicious, SMART deletes it cleanly.
Catch infections that plugin-based security tools can’t reach
Plugins protect the application layer. They cannot scan server files directly. SMART runs at the server level, so infections buried in directories that plugins never access are found and removed.
Know exactly what was found, fixed, and what still needs attention
Every scan breaks results into malicious, suspicious, and items escalated for expert review — so you always know what was checked, what changed, and whether anything still requires action.
Trigger a fresh scan whenever something feels off
On-demand scanning lets you run a check after a plugin update, a content change, or anything unexpected — without waiting for the next scheduled pass.
Database malware detection and removal
Find malware hiding in your database — not just your files
SMART Database Scan covers your CMS database tables for injected redirect code, spam links, and phishing payloads — the attack surface that file-only scanners miss entirely. Threats are removed automatically, without manual SQL edits.
Get accurate results on WordPress without extra configuration
Database scanning includes WordPress-specific detection patterns, so CMS-level attack signatures are identified accurately rather than missed by generic rules. For WordPress and Joomla, database credentials are detected automatically.
Undo a database cleanup if anything looks wrong
If an automated fix ever causes an unexpected issue, you can restore the database to its pre-scan state in one click — so automated removal never feels like a step you can’t take back.
Backdoor removal and re-infection prevention
Stop the same attackers from getting back in after cleanup
Hackers plant backdoor files after an infection specifically so they can regain access once visible malware is removed. Manual cleanup almost never finds them. SMART identifies and removes backdoors in the same pass as the malware — not as a separate step.
Deny backdoor access even if the file survived cleanup
Detects backdoor files and blocks attacker access to them at scan level, so even if a backdoor was previously installed, attempts to use it are denied.
Know immediately if anything tries to come back
Scans keep running after malware is removed. Threats are detected near real-time and your Site Health score reflects current status — not yesterday’s last scan. A new infection attempt triggers an immediate alert, not a days-later discovery.
Post-cleanup confidence
See confirmation your site is clean — not just silence
After removal completes, your Site Health score updates in real time to confirm the clean state. Green means clean — it’s a clear indicator that cleanup is done and protection is active, not an absence of alerts that could mean anything.
Close the security gap attackers used before they try again
When SMART identifies a vulnerability in a plugin, theme, or CMS core file, SMART Patch notifies you immediately and can apply a virtual fix — closing the entry point before the next attack attempt reaches your server.
Get your site off Google’s blacklist after cleanup
Submitting to Google for a re-index and working with your hosting provider to have the site de-listed are part of SiteLock’s Expert Services offering — available once a clean scan can be confirmed as evidence.
See malware removal status alongside all your other security checks
Every scan result updates your Site Health score and Prioritized Security Action Queue, so malware removal sits in one ranked list with your other security tasks — not a separate tool to check separately.
Expert services
Get a real person when automated removal isn’t enough
Call, ticket, and email access to SiteLock Security Experts at any hour. When a persistent infection, an unfamiliar payload, or a recurring attack needs more than a scan, a real person steps in directly.
Get your site cleaned in hours, not days
Once server access is granted, SMART File Scan begins within minutes. Most sites are fully cleaned within 4–6 hours — including nights, weekends, and public holidays.
Manage everything from one dashboard, not separate tools
Malware scans, database scans, Site Health score, and expert access all sit inside the same SiteLock dashboard — one login, one view, no switching between tools to understand what’s happening on your site.
Join 16 million websites already protected by SiteLock
SiteLock Website Security Plans
SiteLock Basic Plan
$35/Month
Ideal for budget-conscious websites looking for basic scanning & backup
Ideal for budget-conscious websites looking for basic scanning & backup
- Complete onboarding and setup available, free-of-charge
- 24/7 Access to Customer Support
- 30-hour ticket response time
- Unlimited Automatic Malware Removal
- SiteLock expert team removal not available
- Website Backup (up to 2GB)
- Daily backups of website files & database
- Daily Site Scanning, including:
- SSL Monitor
- Webpage Scan
- Email Reputation Scan
- Site Health Status
- SQL injection scan
- Cross-site scripting scans
- Daily Code & Database Scanning, including:
- Codebase, database, and CMS scanning
- Vulnerability detection
SiteLock Pro Plan
$49/Month
Best suited for websites with a large amount of traffic needing an extra layer of protection
Best suited for websites with a large amount of traffic needing an extra layer of protection
- Complete onboarding and setup available, free-of-charge
- 24/7 Access to Customer Support
- 24-hour ticket response time
- Unlimited Automatic Malware Removal
- Unlimited SiteLock Expert Team Removal (excludes pre-existing infections. For removal of pre-existing infections, SiteLock 911 is required)
- Website Backup (up to 5GB)
- Daily backups of website files and database
- Daily Site Scanning, including:
- SSL Monitor
- Webpage Scan
- Email Reputation Scan
- Site Health Status
- SQL injection scan
- Cross-site scripting scans
- Daily Code & Database Scanning and Patching, including:
- Codebase, database, and CMS scanning
- Vulnerability detection and automatic patching
- Content Delivery Network (CDN) and Web Application Firewall (WAF), including:
- Malicious bot blocking
- DDoS protection
SiteLock Business Plan
$74/Month
Best suited for business and e-commerce websites of all sizes.
Best suited for business and e-commerce websites of all sizes.
- Complete onboarding and setup available, free-of-charge
- 24/7 Access to Customer Support
- 12-hour ticket response time
- Unlimited Automatic Malware Removal
- Unlimited SiteLock Expert Team Removal (excludes pre-existing infections. For removal of pre-existing infections, SiteLock 911 is required)
- Website Backup (up to 10GB)
- Daily backups of website files and database
- Daily Site Scanning, including:
- SSL Monitor
- Webpage Scan
- Email Reputation Scan
- Site Health Status
- SQL injection scan
- Cross-site scripting scans
- Daily Code & Database Scanning and Patching, including:
- Codebase, database, and CMS scanning
- Vulnerability detection and automatic patching
- Content Delivery Network (CDN) and Web Application Firewall (WAF), including:
- Malicious bot blocking
- Backdoor protection
- DDoS protection
- CDN and WAF Power User and e-Commerce Controls:
- 2-factor authentication for protected/login areas via email or SMS
- Firewall PCI reporting
- Custom WAF rules editing dashboard
- More than 40 detailed reports
