When creating a website, one of your primary concerns is security. A breach in your security can cause massive issues, such as data leaks, data theft, identity theft, and many other minor and major problems that will hurt you or your visitors and, potentially, land you in a lawsuit.
Sadly, security breaches aren’t uncommon, especially if you’re using WordPress.
This isn’t, however, because WordPress is not secure enough; it’s simply because WP is the most popular and widely used content management system in the world, so it gets attacked very often.
In fact, it gets attacked so often that, according to Sucuri, WP attacks account for 90% of all attacks on CMSs.
With that said, it becomes essential that you protect your website from malware and, in case you do suffer a security breach, know how to remove it.
Symptoms of Malware
To be able to fight malware, you must first recognize it. Or, rather, you need to recognize symptoms of malware on your website to know where to look for it.
One of the most obvious symptoms is the presence of visible changes on your website or in the SERPs.
Your meta descriptions will contain nonsense phrases or characters, your website will abound with pop-ups and ads that have no business being on your website, or your website will redirect your users to an entirely new, spam website altogether.
Sometimes, you will even have code appear on the pages of your website. The worst part about this is that, as a developer, you might not notice these things at first from the backend. Only when you go to your website as a visitor will you notice these changes.
Another very obvious symptom is that you’ll get blacklisted by Google. If your website gets slapped with a big red warning notice, it means Google has detected malware on your site and is warning people away.
Finally, you might get shut down by your host. Your host is likely to shut down your website immediately if they detect even the slightest trace of malware, in order to protect the rest of their server.
If your host has shut your website down, it's likely infected, and you need to address the infection.
How to Clean Your Website
Use a Security Plugin
One of the most common and recommended ways to address a potential malware breach on your website is to use a security plugin for WordPress.
Plugins like Sucuri, iThemes, and Wordfence are some of the best and most vetted security plugins that will handle scanning and malware removal at the press of a button.
It is highly recommended that you use one of these plugins, as they’re the safest and most thorough way of removing malware. But, if you are adamant about not using one, you can also…
Remove Malware Manually
Manual removal of malware can be a very slow and daunting process, as one wrongly deleted file can crash your entire website.
However, by approaching the venture carefully and with some eagle-eyed grace, you can spot and remove malware even if you’re not a tech wiz. Though we recommend leaving manual malware removal to expert managed IT companies, here’s how you can do it yourself.
Create a Backup
The first step when cleaning a website is to create a backup of your website. If you’re a more prudent website developer, you’ll have been introduced to the benefits of backing up your website regularly, and you’ll, hopefully, have one or several backups at hand.
To create a backup, you need to compress your wp-content folder using the File Manager and download the zip file.
If your host, however, has a “snapshot” feature, you may also use that as a more expedient way of creating a backup. Alternatively, you can also run a backup plugin on your WordPress.
You will also need to create a backup of your .htaccess file. This is a little trickier, as the file itself is hidden. Download it using the File Manager, as it will only be visible there.
Backing up and cleaning this file is very important, as it contains many lines of configuration that your website's functionality depends on.
Finally, create a backup of your database, as malware could be hiding there as well, so it’s important to clean that up too.
Before we start examining files, we need to first reinstall WordPress.
The reason behind this is that the reinstalled version is guaranteed to be clean. You will not have any of your configs for now, but the clean install will help us create a reference wp-content folder that we can use to spot any malicious code or files embedded in our backup.
Examine the Files
Now, here comes the hard part: examining the files. This is a long and arduous process, as you will have to go file by file, folder by folder, and identify possibly malicious code.
This is where the freshly-installed version of WordPress comes in. With a clean install, we’ll have installed clean core files, and we can then examine our backup for any malicious files or lines of code that have been embedded into our files there.
After cleaning the core files, we can move on to our theme and plugin folders. Again, the catch is spotting things that look out of the ordinary and removing anything that looks foreign.
One helpful tip is that malware usually doesn't follow standard WP naming conventions, so you can identify malicious files by spotting these naming discrepancies.
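The comparison against the clean install can be automated rather than done by eye. The following is an added example, not part of the original article: it hashes every file in the clean reference tree and in the backup, then lists what was modified, what is extra, and what is missing. The directory names, the sample files, and the extra check for script files under wp-content/uploads are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

SCRIPT_EXTS = {".php", ".phtml", ".phar"}  # assumption: extensions treated as executable

def index_tree(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare_trees(clean_root, backup_root):
    """Classify the backup's files against the clean reference install."""
    clean, backup = index_tree(clean_root), index_tree(backup_root)
    return {
        "modified": sorted(r for r in backup if r in clean and backup[r] != clean[r]),
        "extra": sorted(r for r in backup if r not in clean),
        "missing": sorted(r for r in clean if r not in backup),
        # Media folders should hold media; scripts found there need a manual look.
        "scripts_in_uploads": sorted(
            r for r in backup
            if r.startswith("wp-content/uploads/") and Path(r).suffix.lower() in SCRIPT_EXTS),
    }

def write_tree(root, files):
    """Create the given {relative path: text} files under root."""
    for rel, text in files.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)

def demo():
    """Build two small constructed trees and return the comparison report."""
    clean_files = {"index.php": "<?php // front controller\n",
                   "wp-login.php": "<?php // login\n",
                   "wp-includes/version.php": "<?php // version\n"}
    backup_files = {
        "wp-login.php": "<?php // login\n",
        "wp-includes/version.php": "<?php // version\n// line not in the clean copy\n",
        "wp-includes/wp-tmp-x1.php": "<?php // constructed placeholder\n",
        "wp-content/uploads/2024/01/logo.png": "constructed image bytes",
        "wp-content/uploads/2024/01/logo.php": "<?php // constructed placeholder\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        write_tree(Path(tmp, "clean"), clean_files)
        write_tree(Path(tmp, "backup"), backup_files)
        return compare_trees(Path(tmp, "clean"), Path(tmp, "backup"))

if __name__ == "__main__":
    for category, paths in demo().items():
        print(category, paths)
```

On a real site the "extra" list will also contain your own themes, plugins and uploads, so treat it as a review queue; the "modified" list is the one where a core file no longer matches the clean copy.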
After this, move on to your .htaccess file. As we said, this file provides functionality to your website in many instances, and if this file is infected, you’ll have, essentially, left a backdoor for the hackers to abuse further and reinfect your site.
Finally, after thorough examination and cleaning, we should also clear our cache, as cached files might be infected too and may reinfect our website when we put it back up. In addition, perform a full scan of your device as well to make sure you don’t have any malicious files on it that can infect your website during the cleaning process.
Reinstall Themes & Plugins
Perform a clean install of your themes and plugins as well, both to create clean references, as before, and to remove any potential malware.
Here’s the hard truth - most malware on WP websites comes exactly from themes and plugins. Check any WP guide and you’ll notice that a lot of emphasis is put on finding reputable themes and plugins because those two elements usually hold the most backdoors, and many of the shady ones are made with malicious purposes in the first place.
Reset All User Names and Passwords
This is a must-do step in case of an infection.
Oftentimes, hackers will attempt to gain admin access to your website. If they do, they’ve effectively taken it over, and they can modify your files and code in any way they wish.
This is why changing all usernames and passwords is so important - not only will the hacker have to brute force their way through your passwords again, but during the username auditing process, you may notice usernames that weren’t there before and identify the hacker.
Reupload Images and Other Media
After you’ve completed a clean sweep of your website, you may start auditing and reuploading your media files.
Ultimately, when it comes to website security, vigilance and smart investment in security plugins are paramount. Hackers have a number of ways of gaining access to your website, and if you don’t have a security system in place, you’re leaving yourself wide open.
Additionally, regular updates of WordPress, as well as your themes and plugins, should always be your priority. WP devs are always looking for new ways a foreign entity can gain access to your website, and their security updates are made to patch out any potential backdoors that might leave you vulnerable.
And finally, seek help in the event of an attack.
A developer may put a price tag on their services, but you cannot put a price tag on your and your clients’ privacy. So, in order to keep everyone safe, and if you don’t have the technical know-how, hire devs who do, and they’ll be worth more to you than their weight in gold. That’s a guarantee!