Fixing WordPress Website Infected by .ico Malware

 More cases of WordPress websites being infected by .ico Malware are showing up and it is a difficult job to get rid of it completely and make sure site safe again, but it's not impossible. 

I wrote an article on fixing this virus problem before and it is recommended you check it first, it explains how to get rid of the virus by manual process simply by finding the strange looking PHP files and the .ico files which are spread across different folders, it makes it very hard to find if you are not someone who deals with these sort of things on a regular basis.

Just recently multiple websites were again infected by this malware, which in all instances caused the website's to go down and returned error messages like "There has been critical error on your website."

What does the malware do?

The malware may have originated from a compromised plugins (it happens a lot often on WordPress platform) which have now infected your whole server with strange looking PHP files in different folders which includes the core WordPress files and also the plugin files, when it does that a faulty plugin file can lead to your site going down, in some cases your admin dashboard won't be accessible in some cases the main site, and sometimes both. 

What to do now?

It depends on your experience in cleaning up sites and detecting infected files. If you are not a tech savvy person it might be difficult, best option is to hire somebody to do it for you and get it fixed completely. I have a lot of experience in this and if you want my help you can email me at and we can take it forward. 

For the developers, read this article, the cleanup process involves finding the strange files, you will know when you see one and also files with .ico extensions. Along with that I would definitely recommend the plugin MalCure which can save you a lot of time by helping you find the infected files so that you can clean it up yourself completely.