Malware attacks can ruin years of hard work and content creation, but some webmasters still don’t take this threat too seriously. More than 4 thousand ransomware attacks occur every day, which means that hackers exploit even the smallest vulnerability to break the website security. In case your site is infected, you should learn how to get your website hacked fix. In this post, we will show you the most practical tips on how to clean a hacked website. Let’s take a look at the four major steps in this process.
1. Finding Malware
The first thing you need to do before malware removal is to scan your site using one of many anti-malware tools. If you are using WordPress, Security Ninja’s Malware Scanner will do the job for you. With this kind of software, you can inspect the entire website and find malware locations. Once the scanning is over, make sure to note any payloads and blacklist warnings.
The second stage of malware detection is to check core file integrity. Namely, core files are not supposed to be modified at all so if you do find changes it’s probably because your website security is jeopardized. You can test it for potential changes through the “diff” command located in site terminal or manually check each file in SFTP.
Another approach would be to utilize a tool like the Emergency Recovery Script which automatically detects potential malfunctions, so if there are any corrupted core files in WordPress, this tool will recognize them and automatically download and install the original ones to get everything up and running with only a few simple clicks.
Rita Wingfield, a web security specialist at Resumes Planet, revealed another way how to clean a hacked website in this initial stage: “One more thing you can do is to compare the current condition of your website with one of its older and malware-free versions from the backup. A simple comparison will reveal all differences between the two versions, so you can easily spot each irregularity”.
2. How to Clean a Hacked Website – Malware Removal
Now that you’ve learned how to find malicious software, you should also see how to get your website hacked fix. If you don’t want to leave it up to your anti-malware tools, here is how to clean a hacked website manually:
Log in to the server through SFTP or SSH
Conduct a website backup before launching the anti-malware procedure
Mark recently changed files
Enter the date of suspicious changes as well as the user who made them
Restore these files
Open custom files using the text editor
Delete unusual and suspicious codes
Test website functionality upon changing files
However, the job is not done yet and you need to learn a few more things about how to clean a hacked website.
The new task is to restore hacked database tables. Go to admin panel to log in to the database and do the backup. After that, you should look for suspicious content such as links or keywords and remove it manually. At the same time, you should delete all database access tools.
Another thing you must complete is to remove hidden backdoors. Most hackers leave backdoors in order to access your website freely. In order to do so, they use PHP functions like base64, exec, system, assert, etc. Regular website plugins use most of these PHP functions, so be careful about finding and removing the corrupt ones.
3. Remove Malware Warnings
Now that you’ve seen how to clean a hacked website, we hope you can use the knowledge to remove malicious software. But you still need to do a couple of things and the first one is to remove malware warnings.
Google usually blocks and blacklists hacked websites, so you should demand a status review upon fixing the problem. Call your hosting provider to ask for the suspension removal and then go to Google Webmasters Search Console to fill in a review form.
4. Improve Website Security
It’s not only important to understand how to clean a hacked website. On the contrary, it is even more important to improve security and prevent new malware attacks.
A surprisingly large number of sites use outdated software versions, which is exactly what hackers are hoping for. For this reason, you definitely want to update your content management system, plugins, themes, and credentials. Old and outdated plugins are very dangerous, so take care of them regularly.
Besides that, you should reset passwords for all access points including the database, user accounts, FTP and SFTP, SSH, and cPanel. It would be good if you could minimize the number of admin accounts because more accounts mean more passwords that could be discovered and eventually broken.
When you think about how to clean a hacked website in its entirety, don’t forget to reinstall every plugin and extension to avoid facing residual malware. Old and inactive plugins could harm your website because they are also an easy target for hackers, so we strongly recommend you delete them if you are sure you won’t be using them anymore.
We’ve come to the last point in our anti-malware procedure. Now that you are sure your website is completely clean, you should implement a reliable backup strategy as an extra layer of security. In that respect, you should store backups in the off-site location. This way backups and old site versions cannot be hacked, unlike backups, you store on the server.
Automation is crucial in terms of website security. As you probably won’t have enough time or patience to run backups manually, the system itself should be set so as to do it automatically on a regular basis.
If your site gets hacked, you need to react immediately and do everything you can to prevent malware from making further damage. In this post, we showed you how to clean a hacked website. Keep our tips in mind and make sure to improve your site’s security so that you don’t have to worry about website recovery.
Warren’s lifestyle is full of hiking adventures. When he’s not busy with his guitar or enjoying the sunny day outside, he excels at blogging skills and leaps through social media. Contact Warren on Twitter or Facebook
Thank you for subscribing to MotoCMS blog!
This email is already in use.
Something went wrong. We are fixing this. Try a bit later.