Add to Flipboard Magazine.

What to do When WordPress Website Gets Infected With Malicious Malware

How to Clean Worpress  Malwere Infections

The other day happened to me, what I didn’t expect. After two years of no problems on my WordPress website, I never gave too much thought about security of my website as I took security for granted, since my hosting provider  I am really happy with, does security scans on a weekly basis.

So I received alert email that my website is blacklisted and infected.

I imagined if it ever happened, I as an average WordPress user will have their support in solving this problem. It turned out it is not that simple and you end up alone fighting will WordPress malware infection.

How to Clean Malware Infection on WordPress

Depends how tech savvy you are on general. I am an average user, know a little bit beyond the basics, but not so much tat I would be confident in messing with WordPress files.

Removing WP Malware on your Own Manually

To be successful on your own, you should be familiar with WordPress core files, FTP and your hosting control panel. If your host provides access to the command shell and you’re familiar with Linux.

Before you do anything, first change passwords in c panel, hosting log in, FTP  access, change  admin passwords and  user password in WordPress to something super hard (include numbers, upper cases, etc, the longer the better)  and log of from all locations.

The  simplest possible solution to remove malware in WordPress manually is to update wp-admin and wp-includes folder by downloading a fresh copy of the same version currently you have

Downloading the contents of your website trough FTP.

Scanning the downloaded files and your computer with an up-to-date anti-virus software and then clean them from malicious code, upload your files back on the hosting server. When the malicious code has been removed, you should upgrade all applications on your hosting account to their latest stable versions.

Then install wordfence security plugin https://wordpress.org/plugins/wordfence/  and scan all your files and it will find the code which you need to remove manually from files.  Also install 2 factor  https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/ , and authentication plugin

If possible whitelist your IP for login area so that only you will be able to see the log-in page.  Replace the htaccess if it’s been tampered with.

If you are not confident to temper with malware mess, then the easy, but expensive solution is available. Sucuri  https://sucuri.net/ specializes in cleaning and repairing hacked websites, anything from in removing website malware, blacklists, phishing, infections, defacements, SEO spam, and other infections from infected websites as well as protecting against ddos attacks and other threats all based on cloud protection.

If you lack the knowledge, this service is perfect as they do anything after you pay annual fee. My website was cleaned in an hour, staff was updating me along the way during the process.

 

How to Avoid Malware Infections in WordPress

Update Plugins and Themes

Outdated software is the leading cause of site infections, and re-infections. Try to keep all your plugins, themes and WordPress installations always updated, as well as to remove all unused ones.

Be careful with Free WP Plugins

The cause for my malware infection was Adsense Made Easy plug in that was using plug in that was injecting a script in my page loading a script from a blacklisted domain. Free plugins are never free, they always get something back.  Change log in and email Passowrds on regular basis Changing paswords at least once a year should be a habit. Dont forget to change the pasword or emails connected to your website domain name.

 Get Hack Alerts from Hosting Provider to Avoid being Removed from  Search Results

This one saved me! If I didnt have hack alert subscription from Siteground, I would have no idea my site is infected and black listed. Being Blacklisted by Google is the last thing you want! Being blacklisted by search engines means loss in revenue, reputation and being removed from search results!

Get FireWall Protection

Since I paid hefty annual fee with Sucuri, I got firewall protection service included.

Before  proceeding with the firewall activation  you should know the following: if your site has a valid SSL in place and it’s redirected to HTTPS be ready for website to be offline for an hour or so during implementation of firewall. If you don’t want to be offline, another option would be for you to temporarily disable the redirect to HTTPS, while the necessary  changes are made for the activation. Once a SSL is installed on our servers you can re-activate the redirect to HTTPS.

Hope this post will be helpful to you, I am not an exert, just sharing what I learnd in the process of solving my first and hopefully last malware WordPress infection.

Have you ever had problems with website security? How did you deal with it?

Facebook Comments

Author: Nina Zara

Although by education holding bachelor’s degree in tourism and hospitality studies, Nina spent last six years working as digital expert in social media and SEO strategies, specialising in travel niche, helping brands from tourism industry to boost and improve online visibility and reputation. Even though travelled some parts of South America, Middle East and Europe, Nina’s true love affair remains with Africa. As an independent and curious traveller by heart, Nina is never satisfied with common average travel experience and always seeks for more diverse, local activities and places off the beaten path. In last five years she extensively travelled through East Africa, Zambia, Sudan and South Africa. Nina also lived in Tanzania for a while where she worked with safari company and knows safari business inside out. Nowadays writing and travelling Africa is full time occupation. Most of the year Nina is on the road, leading independent, digital nomad lifestyle and working from anywhere as long as there is good WiFi. For Nina, people are the essence of travel and she makes sure she makes local friends everywhere she goes.

3 thoughts on “What to do When WordPress Website Gets Infected With Malicious Malware

  1. Thanks for your recommendations. I will share this to my wordpress user friends! It is possible that you could install more secured plugins for your website?

  2. Very useful tips indeed! Spot on time when the whole world is worried about the various types of hacking happening… I’ll check out that hack alert subscription.

Leave a Reply

Your email address will not be published. Required fields are marked *