Some estimates state that 40% of websites use the Content Management System (CMS) known as WordPress. WordPress is one of the easiest ways to get a professional website up and running quickly.
But if you don’t keep your site updated then there is a good chance that you will wake up one day to find that you have malware on your site.
Most people find out that their site was hacked when they find out that their browser starts flashing a warning when they try to access the site. For example, if you use Chrome then the warning will look something like this:
So, what to do? There are many services available that will help you remove malware from your site. But this list of suggestions will get you to a solution fairly quickly without the need to pay someone.
The first thing to do is to call your hosting service
The first thing you need to do is call your hosting service. There is a strong probability that they can help you to get this issue fixed.
Your hosting service can run a scan of your site and determine the exact malware that you have been infected with. Then they can advise you on what steps you need to take to remove the infection.
Most likely, you will need to revert to a backup. Simply put, you need to restore the website to a point in time before it was infected. Most hosting services now offer automatic backups. So, if you are lucky, the hosting customer service can take care of the work needed for you.
If your hosting service can take care of this then you are golden! After your site is restored be sure to update your WordPress software to the latest version and also update all of your plugins. It is best practice to disable and delete any plugins that your site is not using
If you hosting service can’t help
I would be surprised if your website hosting company can’t provide you with the help that you need. But if you don’t get the help that you need then you will have to run a scan on your own. There are many WordPress plugins that you can use to do this. The top three that I recommend are:
After you run the scan you will have confirmed that you have a problem. Now is the time to find the last backup that you have of the site. If you have not backed up your site for a while, then you will need to face the consequences – Your backup restoration will put your website back in time and you may lose some content.
Completely remove all of your WordPress files from your server.
You need to remove all of the WordPress files on your site. Don’t waste your time trying to fix the infected files.
I have spent hours trying to track down and eradicate the malicious code on some of my sites that were hacked in the past. This turned out to be a waste of time because the malware just kept coming back. The best thing to do is to delete the WordPress site and to start fresh.
You can delete the files manually, but the most effective thing to do is to use the Cpanel to remove the instance of WordPress. Then re-install the WordPress software fresh. If you have any trouble doing this just contact your hosting provider. They can answer your questions or point you to a tutorial that will walk you through the process
Reinstall your Theme and Plugins
Next, re-install your theme and your plugins.
Restore your backup
Then, restore your backup. If you are using a plugin like Backup Buddy you can follow the instructions provided by the plugin creator.
To be sure that your restored site is clean you will need to run your scan again. If there is still a problem then you will need to revert to an even earlier backup of your site. If your site is now clean then it is a success.
Tell Google that your site is clean
Now you need to go to your Google Webmaster account to let the know that your site is ready to be taken off the malware site list. If you don’t already have an account it is easy to get one. Just click here: Google Webmaster Tools
What if you don’t have a backup?
If you don’t have a backup then there are a number of services that can assist you. You should be able to have this site cleaned for a song – $50 to $200. Then chalk it up to a lesson learned. In the future make sure you pay for a backup service or get a plugin like BackupBuddy.