What should I do if my website becomes malware infected?
If you believe that your site may have been hacked, or if you have been alerted to the presence of malware through our Malware Scanner, you can follow this guide to restore your site and then protect it from further damage.
Please note: Our support team are unable to perform direct malware removal or provide extensive support with such operations, however, you can use the steps below as a guide on restoring your site to full working functionality.
Restore From Backup
By far the easiest and most efficient way of resolving a malware infection is by restoring from a known-good backup. With our Timeline Backups service, you can easily restore the website files and database from a previous date within the last 30 days.
You’ll want to perform a full restore as opposed to a partial one in order to ensure that all infected files are fully removed and that none remain.
Redownloading WordPress Core Files
If your website is built using WordPress, then you can use their easy way of redownloading the core files via the WP CLI tool.
To use the tool, you’ll first need to setup an SSH connection to your package.
Once connected, you can run the below commands to find your current version of WordPress and then redownload its core files.
1. Check the current WordPress version:
wp core version
You’ll then want to place the appropriate version number into the command below. In this case we’re using 6.3.2
2. Re-download the core files:
wp core download –version=6.3.2 --skip-content --force
You can confirm the validity and integrity of the WordPress core files using the following command:
wp core verify-checksums
If you’re using a WordPress package type, you can also use the Checksum Report tool under the WordPress Tools section to verify the checksums of the core files.
Securing The Site
Once you’ve restored the site to a working condition, you’ll want to secure it against further infections. The below suggestions can help prevent further issues:
- Ensure that regular backups are being taken using a service such as Timeline Backups
- Keep WordPress and all plugins and themes up to date
- Install and utilise a security plugin such as WordFence
- Disable and remove unused plugins and themes, as these are an easy target for hiding malicious code
- Reset the password for the site’s database and for all admin users
- Ensure that admin access is only given to those who really need it, and enforce more restricted access to all other users
Contact A Security Professional
If you’re unable to fully remove the malware infection or believe your site may still be at risk, we would recommend getting in touch with a security professional who should be able to provide a more in-depth analysis of the site, along with remediation steps.
Whitelist Request
If you believe a file is being incorrectly marked as malware by our Malware Scanner, please contact our support team. We'll be able to pass the file to our security team who can audit the file and consider whitelisting it if necessary. Please note that we cannot guarantee a file will be whitelisted.