How I Removed Malware From my WordPress Site.
So, a strange thing happened yesterday. As on any other day, the first thing I did in the morning was to walk into my office and open TechWiser. But when the site finished loading, I was shocked to see dozens of spam links all over the web page. These URLs linked to shady torrent sites and made the entire blog unreadable for visitors.
It was a little confusing at first. I couldn’t figure out how this could happen. I’ve taken all the basic precautions, like enabling two-factor authentication for the WordPress login and using a popular security plugin, which make it difficult to hack a website from the outside. So, the culprit must be something from the inside, like a plugin, a theme, an SQL injection, or whatever else.
This usually happens if you are using free plugins or themes and the owner has pushed a malicious update to make money fast. And sometimes a hacker just does it for fun. They usually do it by modifying a PHP or JavaScript file by pushing an update.
A malware attack is a serious problem. It can happen to any website, and if it does, you need to react quickly. So it’s always good to have information at hand.
I am not an expert in malware removal, but from my own experience and spending a full day studying it, I know a thing or two about it. And here I will share what I have learned so far. Like what you should do, the precautions you should take, and most importantly, how you should proceed step by step. So let’s get started.
If your site contains malware:
– you will see shady links,
– users will be redirected to another URL,
– the browser will issue a warning,
– search engines will add your site to a blacklist.
Usually, if there is malware on your site, you will see it immediately, and you can confirm it with Google Safe Browsing. But sometimes the impact of malware is not visible. For example, spam links can be hidden inside other links. In such cases, you will need a scanner to check all outbound links on your site. For this, I use Screaming Frog SEO Spider.
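The outbound-link check described above, as an added example (not the author's code and not how Screaming Frog works internally): it parses a page's HTML, lists every link to a host outside the site's own domain, and marks links that sit inside an element hidden by inline CSS. The function names, the `example.com` site domain and the sample page are constructed for the illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles often used to hide injected links from visitors (heuristic).
HIDING_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?:left|top|text-indent)\s*:\s*-\d{3,}", re.I)
VOID_TAGS = {"area", "br", "col", "hr", "img", "input", "link", "meta", "wbr"}

class OutboundLinkAuditor(HTMLParser):
    """Collect links to foreign hosts; assumes reasonably well-formed markup."""
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = {h.lower() for h in own_hosts}
        self.stack = []      # one flag per open element: hidden by its style?
        self.findings = []   # (host, href, hidden)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        hidden = bool(HIDING_STYLE.search(attrs.get("style") or ""))
        if tag == "a" and attrs.get("href"):
            host = (urlparse(attrs["href"]).hostname or "").lower()
            own = any(host == h or host.endswith("." + h) for h in self.own_hosts)
            if host and not own:   # relative links have no host and are skipped
                self.findings.append((host, attrs["href"], hidden or any(self.stack)))
        if tag not in VOID_TAGS:
            self.stack.append(hidden)

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.stack:
            self.stack.pop()

def audit_outbound_links(html, own_hosts):
    auditor = OutboundLinkAuditor(own_hosts)
    auditor.feed(html)
    return auditor.findings

# Constructed sample page: one visible external link, two hidden spam links.
SAMPLE_HTML = """<div class="post">
<p><a href="/about">about us</a>, <a href="https://www.example.com/docs">docs</a></p>
<a href="https://partner.example.net/tool">a tool we like</a>
<div style="position:absolute; left:-9999px">
<a href="http://torrents.example.org/x">free movies</a><br>
<a href="//streams.example.org/y">watch online</a></div></div>"""

if __name__ == "__main__":
    for host, href, hidden in audit_outbound_links(SAMPLE_HTML, ["example.com"]):
        print("HIDDEN " if hidden else "visible", host, href)
```

Links hidden through a stylesheet class or by script are not caught by the inline-style check, so the full list of foreign hosts is still worth reading by eye.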
If you are sure that malware exists, here’s how you can remove it.
Remove WordPress malware
1. The first thing you need to do is change all your passwords (WordPress, FTP, web hosting, etc.) to more complex ones. In my case, I am using two-factor authentication with my password, so someone has access through the main login, but I update my password anyway.
2. Next, you can restore a backup to temporarily fix the problem. If you don’t have a current backup, make one immediately, because some malware can delete an entire site or damage your database. Your hosting provider may even shut down a website if it detects malware, especially on shared hosting.
However, restoring a backup is only a temporary solution. Even if you go back to the previous day, chances are your files may still contain this malicious code. So, you need to make sure everything is clean.
3. Now, to find out where the malware is coming from, start by checking the source code of your website. Press Ctrl + F and look for any piece of PHP or JavaScript code that you cannot identify. If you find anything questionable, find the plugin or theme it belongs to and remove it.
Easier said than done, though. If you have no programming experience, it will be difficult to read the source code, and most hackers will leave no traces.
4. Then you can try disabling all plugins one by one to see if the malware is gone. Use incognito mode or do a hard refresh (Ctrl + Shift + R) to see the changes. If nothing happens, repeat this with your theme. That is, download a new copy of your theme from the original source and use the preview to see the changes. If the malware is gone, the problem is with your current theme. Change it.
5. It is not enough to disable plugins, because they often leave leftover files. So, you need to completely remove any unused plugins, themes, or anything else you do not recognize on your web server, like a zip file. However, before doing this, make sure you have a backup, and then use an FTP client.
Removing plugins or inactive themes will not seriously affect the functionality of your site. For example, if you uninstall the YARPP plugin, there will be no related posts at the end of the article, but everything else will work correctly.
6. You can also contact your hosting provider and ask for help. However, it didn’t work in my case. I have a fully managed VPS from HostGator, but they quoted me $37 to find the root cause. It’s definitely too much, so I didn’t go that route.
7. Another popular way to scan for malware is by using malware detection plugins. There are many free ones in the WordPress repository. I tried Anti-Malware for the first target, which gave me a lot of false alerts. And when I deleted those files, nothing happened.
8. Finally, after 3 hours of trying each free workaround, I eventually bought the Sucuri business plan. It cost me $225 (discount included) for a year.
Here’s how it works: You buy a plan from them. The minimum subscription is for one year and there is no free trial. Once you have paid for your subscription, you need to log into your account and open a new ticket. You will be assigned a person who will request your web server and FTP details and then solve your problem within the time frame outlined in your plan.
And luckily it worked for me. The Sucuri team removed all malware from my site within 12 hours (although my plan was 6 hours). All links to torrents have disappeared; apart from this, there were no changes in the functionality of the site.
Then you need to enable Cloud Proxy Firewall to prevent future attacks. This is included in every plan. To do this, you need to replace your nameserver with theirs so that all traffic goes through them. If you don’t know how to do this, they can do it for you.
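For steps 4 and 5 above (downloading a new copy of a theme from the original source, and removing anything you do not recognize), the comparison can be done file by file instead of by eye. This is an added example, not the author's or Sucuri's tooling: it hashes an installed theme or plugin directory against a freshly downloaded copy of the same version and reports modified, unrecognized and missing files. The directory layout and file names in the sample are constructed.

```python
import hashlib
import sys
import tempfile
from pathlib import Path

def digests(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare_with_clean_copy(installed_dir, clean_dir):
    """Report how an installed theme or plugin differs from a fresh download."""
    installed, clean = digests(installed_dir), digests(clean_dir)
    return {
        "modified": sorted(f for f in installed
                           if f in clean and installed[f] != clean[f]),
        "unrecognized": sorted(f for f in installed if f not in clean),
        "missing": sorted(f for f in clean if f not in installed),
    }

def build_constructed_sample(base):
    """Constructed sample: a clean theme plus an installed copy with changes."""
    clean, installed = Path(base, "clean"), Path(base, "installed")
    for root in (clean, installed):
        (root / "js").mkdir(parents=True)
        (root / "style.css").write_text("body { margin: 0 }\n")
        (root / "footer.php").write_text("<?php wp_footer(); ?>\n")
        (root / "js" / "menu.js").write_text("console.log('menu');\n")
    # Changes in the installed copy: edited file, two extra files, one deletion.
    (installed / "footer.php").write_text("<?php wp_footer(); ?>\n<!-- extra -->\n")
    (installed / "js" / "stats.php").write_text("<?php /* not in download */ ?>\n")
    (installed / "old-backup.zip").write_bytes(b"PK\x05\x06" + bytes(18))
    (installed / "style.css").unlink()
    return installed, clean

if __name__ == "__main__":
    if len(sys.argv) == 3:   # usage: script.py INSTALLED_DIR CLEAN_DIR
        report = compare_with_clean_copy(sys.argv[1], sys.argv[2])
    else:                    # no arguments: run on the constructed sample
        with tempfile.TemporaryDirectory() as tmp:
            report = compare_with_clean_copy(*build_constructed_sample(tmp))
    for kind, names in report.items():
        for name in names:
            print(f"{kind:<13}{name}")
```

Run it against a copy of the site pulled down over FTP, and compare against the same version of the theme or plugin, otherwise ordinary version differences show up as modified files.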
What’s next?
Once all the malware is gone, you need to:
– Update your WordPress version, plugins and themes.
– Never install free themes or plugins in the future. If you really need one, only use one from a popular developer who has a monetization model in place.
– Check if your site is safe using Google Safe Browsing. If your site has a malware error, request a review from Google Webmaster Tools.
– Make a fresh backup. I switched from the free BackWPup to the paid Vaultpress plugin. For $5 a month, they provide the best backup service in the industry. It’s worth it.
Final Words
Malware is bad and needs to be removed quickly. Or you will lose your daily income and Google will blacklist your site as well. These are both short-term and long-term losses. So, if there is a malware attack on your site, solving it should be your first priority.
Now, if you’re lucky, free tools will be able to remove malware. But if that doesn’t work, don’t waste your time and seek professional help as soon as possible.
Sucuri is one of the best malware removal services. While their services are quite expensive, it is worth it in the end. You get the peace of mind of knowing that your website is safe from any kind of attack, and you can focus on what you do well.