I have malware on my website. MALWARE.. what should I imagine when it comes to malware? Can you eat malware?
Short explanation: what is malware?
Malware is malicious software created by criminals. Malware should not be in your website.
Malware comes in all forms: viruses, trojan horses, rootkits, spyware, dialers, botnets, malicious websites, tracking cookies and more.
How malware gets into your website
Malware can easily enter your website via a leaky plugin, an outdated plugin or WordPress version.
Malware is not human-driven, so it grabs every website it can find on Google. Also your hobby site or your small business website.
What does malware do?
Malware “in your website” is actually incorrect. It sometimes shows itself visually in your website when it places links to other websites, but 9/10x the malware is secretly active on the server.
Your website has the access and rights to have the server execute commands. Once malware is “in your website” and therefore on the server, the malware can issue commands to the server.
Those commands from malware vary:
- Malware can: Send spam to email lists (Thousands of emails).
- Malware can: Search and infect other websites on the Internet.
- Malware can: forward your login details to a hacker.
- Malware can: Change payment information in your WooCommerce webshop to that of a hacker.
- Malware can: Offer viruses to your website visitors.
- Malware can: Create pages in your website that ask for customer passwords.
- And more..
You now know WHAT malware is, HOW malware gets into your website and what the malware DOES.
But now the most important thing,
How do I get rid of malware?
We are specifically talking about malware in your website here. And more specifically, malware in your WordPress website.
This is a step-by-step plan that you can follow to remove the malware from your WordPress website (and therefore from the server):
- Determine the date the malware first entered your website
You can see this from the modification date of files on the server, if that is not clear you can use your own insight.
- Restore a backup of at least 1 week before the malware entered your website
You may be able to restore a backup from when your website was malware-free.
Some web hosts store backups of your website, sometimes 1 week but sometimes also 1-2-3 months.
Keep in mind that a backup is a step back in time, so news items, users, woocommerce purchases and the like are NOT up-to-date with the old backup. Therefore, make a backup of this moment before you restore 1.
- Check the website for suspicious files and activities & back doors
– Check which files are on the server, whether they belong there.
– Check which users have administrative rights and whether this is correct.
– Remove backdoors, a backdoor is also malware, but then 1 that specifically keeps the door open to your server to allow more malware in.
Backdoors are regularly installed, even before a hack actually becomes visible. That backdoor is literally an open door for the malware to be able to execute the injection and commands again.
- Update your WordPress, plugins and theme
Make sure everything is up to date.
TIP: We often completely replace the plugins and WordPress completely on the server for new downloads, so you can be sure that there are no unwanted malware or lines of code on the server.
- Submit your website to Google webmaster tools
In Google’s webmaster tools, go to the security center and see if the website is not known as hacked/infected with malware there.
- Check your website for free at Sucuri
Scan your website with the Sucuri Malware Scanner
Okay your website is now free of malware (we assume).
How do you prevent malware from entering your website?
Secure your website with a security plugin. It is not completely foolproof, but it does stop 90% of all automated malware.
Please contact us, we do this work 7 days a week. We offer affordable solutions with warranty!
Click here for contact, then you are sure of convenience and a secure WordPress website without malware.