Malware – remove it from hacked site
Removing malware from an infected WordPress site and preventing future infections are very common problems nowadays. It is strongly advised to take action as fast as possible when you notice something strange happening.
Modern website development and maintenance face a big problem today due to the increase in hacking and malware attacks. If you are wondering why hackers do that, the reason can be totally benign, but in some situations there are real targets and real reasons (private accounts, bank numbers, business info, etc.). The fact is that, for one reason or another, everybody can be a potential target, and if an attack is successful, immediate action by the user is needed. Malware removal must be done immediately.
This is the really scary part: This map reveals only the tiniest possible tip of the hack-attack iceberg – penetration attempts against a subset of Norse’s network of “honeypot” traps alone. The actual number of hack attempts lighting up the web at any given moment is far, far greater than this nifty experiment can ever possibly show.
A usual thing nowadays is the client’s comment after website development is finished: “We don’t need anything else, our site is perfect now” (i.e. we don’t need SEO, performance optimization or security optimization). This is the main reason why every single day there are tons of jobs posted on Upwork like “Need IT expert to clean hacked website”, “Expert needed to remove malware from website”, “Google sends notification about malware infection”, etc. Even worse than this is the fact that website owners mostly notice a malware infection only when Google detects it and reports the website as infected.
The best way to avoid all this harm and unneeded cost is to think about it before infection. Prevention is always the better choice. It is always better to pay an additional expert before it comes to a malware infection.
Prevention of malware attacks is a complex process, and for a real expert it includes several tasks which can take some time and which reduce the chances of the website being attacked to a minimum.
It is not just installing a plugin on the WordPress website which will scan for malware and potentially remove it – it is a bigger step than this.
Any file on the website can be or contain a backdoor which can allow a hacker to enter your FTP, website, MySQL or similar.
The real process includes scanning (with a plugin AND manually) to be sure there is no malware at that moment, installing some plugins for security, and then the most important part: custom tweaking, editing permissions, .htaccess and additional security.
After that, it is important to implement a proper anti-malware firewall mechanism.
There are a lot of interesting and useful plugins for that purpose in the WP repository.
Important notes for prevention and for when your site gets hacked:
Make a Backup
Even if you have a WordPress backup solution in place, make a backup of the current WordPress website. A WordPress backup is very important at this stage since:
- It will allow you to analyse the infection at a later stage,
- Hosting providers tend to delete your WordPress website should they identify the hack,
- If you do not have a backup in place, at least you can salvage some of the website from this backup before things get worse.
Identify How the WordPress Site Got Hacked
The first thing you should do is to try and identify what happened, i.e. which security weakness the hackers exploited to gain access to your WordPress. Ideally you should not change any passwords or files at this stage. This can alert the hacker and things can get worse. Many also recommend simply restoring a backup of your website.
Restoring the backup of your WordPress is a good thing, but by doing so you are only removing the infection. You are not closing down the vulnerability or security flaw the hackers exploited, which is why this stage is very important.
Here are a few things you should be looking into to try and identify the source of your WordPress hack.
Web Server and FTP Server Logs
You should also take a look at the web server and FTP server log files. See if you can spot something unusual, maybe activity from an unusual IP or a new username. If you have other network services running on your server, check their logs as well.
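A first pass over a web server access log can be scripted. The following is an added example, not part of the original article: it assumes the Apache/Nginx "combined" log format, and the function name, the thresholds and the three heuristics (repeated login POSTs, dashboard POSTs from an address you do not recognise, PHP files requested under the uploads directory) are illustrative choices. The sample lines are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Apache/Nginx "combined" log format (documentation IPs).
SAMPLE_LOG = """\
198.51.100.20 - - [12/Mar/2024:09:01:11 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2024:09:05:42 +0000] "POST /wp-admin/post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:02:14:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:02:14:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:02:14:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:02:15:30 +0000] "POST /wp-admin/user-new.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.99 - - [12/Mar/2024:03:40:12 +0000] "GET /wp-content/uploads/2024/03/cache.php?x=1 HTTP/1.1" 200 12 "-" "curl/8.0"
"""

LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def triage(log_text, known_ips=frozenset(), login_threshold=3):
    """Return {ip: [reasons]} for clients that deserve a closer look."""
    login_posts = Counter()
    findings = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["ip"] in known_ips:
            continue  # unparsable line, or an address you already trust
        ip, method = m["ip"], m["method"]
        path = m["path"].split("?", 1)[0]
        if method == "POST" and path.endswith(("/wp-login.php", "/xmlrpc.php")):
            login_posts[ip] += 1
        # Dashboard writes; admin-ajax.php is skipped because themes call it for visitors.
        if method == "POST" and path.startswith("/wp-admin/") and not path.endswith("/admin-ajax.php"):
            findings[ip].add(f"dashboard POST from unfamiliar IP: {path}")
        # The uploads directory should hold media, not executable PHP.
        if re.search(r"/wp-content/uploads/.*\.php$", path):
            findings[ip].add(f"PHP file requested under uploads: {path}")
    for ip, count in login_posts.items():
        if count >= login_threshold:
            findings[ip].add(f"{count} login POSTs")
    return {ip: sorted(reasons) for ip, reasons in findings.items()}

if __name__ == "__main__":
    for ip, reasons in triage(SAMPLE_LOG, known_ips={"192.0.2.10"}).items():
        print(ip, "->", "; ".join(reasons))
```

Pass the addresses your own administrators normally connect from as `known_ips`; everything the function returns is a lead to check by hand, not a verdict.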
Check WP Plugins and Themes, Especially Outdated Ones
Check the list of installed plugins, both from the WordPress dashboard and in the directory /wp-content/plugins/. Are all the WordPress plugins being used? Are they all up to date? Check the themes and the themes directory /wp-content/themes/ as well. You should only have one theme installed, the one which you are using. If you are using a child theme you will have two directories.
Check WordPress Users and Roles
Check all the WordPress users. Are all the users being used? Are there any new suspicious ones?
Check .htaccess file and wp-config.php file
.htaccess files (directory level web server configuration files) are also a common target for hackers. They are typically used to redirect users to other spammy and malicious websites. Check all of the .htaccess files on your server, even those which are not being used by WordPress. Some of the redirects can be difficult to spot.
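Checking every .htaccess file by hand is error-prone, so the walk can be scripted. This is an added example, not part of the original article: it finds every .htaccess under a directory and reports redirect directives that point at a host other than your own, plus directives pushed out of view by long leading whitespace. The function names, the 40-character padding threshold and the host names are assumptions, and both sample files are constructed.

```python
import os
import re
import tempfile
from urllib.parse import urlparse

REDIRECT_RE = re.compile(r"^\s*(?:RewriteRule|Redirect(?:Match|Permanent|Temp)?)\b(.*)$", re.I)
URL_RE = re.compile(r"https?://[^\s\"'\]]+", re.I)

def scan_htaccess(root, own_hosts):
    """Return (relative path, line number, reason) for each suspicious line under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" not in files:
            continue
        rel = os.path.relpath(os.path.join(dirpath, ".htaccess"), root)
        with open(os.path.join(root, rel), encoding="utf-8", errors="replace") as fh:
            for lineno, line in enumerate(fh, 1):
                line = line.rstrip("\r\n")
                if not line.strip() or line.lstrip().startswith("#"):
                    continue
                m = REDIRECT_RE.match(line)
                for url in (URL_RE.findall(m.group(1)) if m else []):
                    host = (urlparse(url).hostname or "").lower()
                    if host not in own_hosts:
                        findings.append((rel, lineno, f"redirect to external host {host}"))
                # Padding that pushes a directive off-screen is a reason to look closer.
                if len(line) - len(line.lstrip()) > 40:
                    findings.append((rel, lineno, "directive behind long leading whitespace"))
    return sorted(findings)

def build_sample(root):
    """Write two constructed .htaccess files: a stock WordPress one and a tampered one."""
    stock = ("# BEGIN WordPress\nRewriteEngine On\nRewriteBase /\n"
             "RewriteRule ^index\\.php$ - [L]\nRewriteCond %{REQUEST_FILENAME} !-f\n"
             "RewriteCond %{REQUEST_FILENAME} !-d\nRewriteRule . /index.php [L]\n# END WordPress\n")
    tampered = "RewriteEngine On\n" + " " * 200 + "RewriteRule .* http://spam.example/ [R=302,L]\n"
    sub = os.path.join(root, "wp-content", "uploads")
    os.makedirs(sub)
    for directory, text in ((root, stock), (sub, tampered)):
        with open(os.path.join(directory, ".htaccess"), "w", encoding="utf-8") as fh:
            fh.write(text)

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return scan_htaccess(root, own_hosts={"www.example.org"})

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

On a real server, point `scan_htaccess` at the web root of the backup copy and list every host name your site legitimately redirects to in `own_hosts`.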
Finding the WordPress Infection & Malicious Code and Proceeding with Malware Removal
This is the most important part. To be short and clear: this is the place where you definitely need a security expert. Hosting spaces or websites that are cleaned only temporarily or incompletely can lead to the infection returning within a short time.
With 5+ years in web security, Leadwebtech can provide you or your company with a complete website security review, with all the steps above, in the shortest timeframe and in an efficient way. Hundreds of successfully healed websites are proof of that.