Wordpress site with BlueHost

Posted on 2011-10-31
Last Modified: 2012-05-12
I have a customer that has a WordPress site hosted on BlueHost but everytime you bring it up, it says this file or that is infected with a virus.  How do I go about cleaning this up?  I do have admin rights to the site now.
Question by:Daren Anderson, MSIS
    LVL 70

    Accepted Solution

    There's a bunch of different things you need to do.

    1) You need to determine what file or files are infected.  

    Before any fix, you have to figure out how the virus is being spread.  Usually one or more wordpress core or theme files get modified via a shell exploit to serve up malware but an attacker can also insert code into the database if s/he figures out how to do that.  So step one is examining all theme files, core files, and content entries looking for the bad code. can help with this

    2) You need to harden WordPress

    First, make sure all plugins and themes and WordPress itself are patched and at the latest versions.  Then, harden your installation by following suggestions laid out here:

    3) You need to determine how you were compromised

    There are three broad vectors of attack against a site:  

    a) A poorly coded theme or plugin is exploited
    b) Poor passwords on the hosting account get brute-forced
    c) The ISP is not serious about security and gets hacked and users gain root control over servers

    You figure out a) and b) via a little research but if the problem ends up being c) then move to new hosting.
    LVL 31

    Expert Comment

    Older plugins using timthumb.php have been a big cause of recent exploits.

    I had a problem with a site that kept injecting buy Viagra links and I couldn't figure it out no matter how hard I looked.  In the end it was just easier for me to export the posts, delete the database, re install WordPress and import the posts.

    But marked as infected with a virus is a little more serious than my spam links.

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Join & Write a Comment

    What's this? As a volunteer Page Editor for, I have noticed that many authors also have blogs, and pull articles from their blogs to post at Experts-Exchange. I appreciate each author sharing their blog content with our site …
    So you have coded your own WordPress plugin and now you want to allow users to upload images to a folder in the plugin folder rather than the default media location? Follow along and this article will show you how to do just that!
    The purpose of this video is to demonstrate how to automatically show related posts at the bottom of a blog post in WordPress. This will be demonstrated using a Windows 8 PC. Plugin “Yet Another Related Posts Plugin” will be used. Go to your…
    The purpose of this video is to demonstrate how to reset a WordPress password if you are locked out and cannot reset the password. A typical use would be if you cannot access the email to which WordPress would send the password recovery email to…

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now