January 7th, 2019 | Updated on August 21st, 2019
Malicious attacks are common for website owners. The problem does not have a specific demographic, with attackers spreading malware to as many sites as possible.
Recently, over 300,000 sites were infected by malware propagated through the use of the recaptcha plugin.
There are a few means to address malware attacks and restore your site. They are easy to carry out if you have a basic understanding of your WordPress setup and code.
Some of the steps may even be carried out by trustworthy plugins, making it even easier to remove malware from your WordPress site.
What steps are involved?
This is the first step in malware removal. Before you can remove malicious code or files, you need to be sure of their presence. Google will issue a warning, usually within a day, after your site has been attacked.
This warning will be accessible to all visitors, which could reduce your credibility and traffic levels.
Waiting for Google’s automatic malware warning could prove to be costly. By the time you receive the notification and start to address the issue, you may have already lost some traffic.
Users who visit your site may also be exposed to vulnerability as a result of the attack.
You can use plugins such as Wordfence and Sucuri Security to stay ahead of attacks. Scanning will also help you identify malware that acts covertly on your website by creating back doors for attackers.
2. Backup You Site
WordPress site owners are advised to regularly back up their sites. However, since most do not experience a need to restore their website from backups, only a few users will carry out monthly backups.
It could be crucial to restoring your site to full function after an attack.
Failure to back up your site will lead to loss of data. While attacks are not as common, they are sporadic and may be used to infect your site at any time.
The recaptcha malware plugin was only identified after infecting a large number of sites, which means that you could be vulnerable even when you do not have sufficient risk.
There are a number of great plugins available to help you back up your site, such as UpdraftPlus and BackupBuddy.
3. Manually Examine Your Backups
Making regular backups will offer you continuity after an attack. However, your backups could be infected too! You need to examine your backups to find an ideal restoration point to prevent reinfection by malware. For most site owners, this could be too technical.
If you do not know where to look, you could install WordPress afresh. After this, you should explore the installation directory to find any missing or additional bits of code, or files. The best backup should be as close as possible to your installation directory.
4. Format WordPress Directory
After finding the malicious files and choosing the right backup, you should start over with your WordPress installation.
Format the WordPress directory by logging into your control panel and deleting all the files there. For most users, these files can be accessed in the default installation directory, public_html folder.
Users with a custom installation directory will need to delete files from this specific location before progressing to the next step.
5. Reinstalling WordPress, Themes And Plugins
WordPress installation is an easy one-click process. You do not need any technical skill to make a successful installation. It will be as easy as installing WordPress for the first time, and will only require a few minutes.
Having installed the source code, you should then look into installing themes and plugins. You should only consider trustworthy themes and plugins for your refreshed site.
You could choose to use those that you had previously worked with, or find new alternatives from trustworthy sources.
6. Change All Passwords
Your passwords help to boost the security of your website. Some malware attacks offer backdoors to hackers who will gain access to your site, including all passwords used.
If your passwords remain unchanged after an attack, they will be able to access your site in future and render any malware removal service as a waste of time.
Changing your passwords will help secure your site. Attackers will need to inject new malware to your site to gain access.
It could be difficult for them if you have instituted protective measures against this. Without changing your passwords, you could make weaken the new security levels.
You need to change any e-mail passwords for accounts associated with your site, as well as passwords for your database, FTP access, hosting control panel and WordPress administrator panel.
Attackers’ access will be limited to the current malware attack, with this threat being eliminated after removal.
7. Checking Through Your Cookie Cutter List
In the event of an attack, Google and your web host may provide a cookie cutter list to help identify malware attacks.
These lists, even though they are not comprehensive, could provide a checklist to improve the efficiency of malware removal.
If you are using this list on its own to clear malware, you need to have a basic understanding of your Content Management System and WordPress build.
You should also understand the requirements and execute them precisely to prevent database corruption and loss of data.
If you are using this list in addition to these measures, you should be careful not to make any changes without being sure of the consequences for your site.
Aside from the cookie cutter list, you will also need to check your site against a credible malware detection system.
While some are available for free on the internet, Google’s security warning system is the top-of-the-line method to identify any malicious code and files. You could use Google Chrome to test the success of your malware removal attempts.
Malware is a bigger problem than most website owners think. While some malware may be harmless, most of these tools are designed with malicious intent.
They will redirect traffic to suspicious sites, create adverts and spam different parts of your site.
This malware removal guide should help you easily address the problem and reduce the risk involved for yourself and your site’s visitors.