axessJosh
asked on
Best way to clean up Wordpress site with malware
Wordpress site cleanup. Site URL shows as Hacked on Google search.
What is the best system, service or potential plugin to clean up a wordpress site that has been infected with malware?
What is the best system, service or potential plugin to clean up a wordpress site that has been infected with malware?
Unfortunately once a site has been compromised, it can be difficult to find all the injected code. We use cPanel for our WordPress sites and backup/restore has worked flawlessly. Nothing replaces a good backup/restore process and it's much easier to restore a known working site than trying to fix a broken one. Do you have backups of the site?
ASKER
I'll have to check. I'm helping a friend with his site.
If there are no backups, are there any tools that can help?
If there are no backups, are there any tools that can help?
I've recovered many 100s of WordPress sites over the years.
Fastest recovery took a few minutes. Longest recover took roughly 50 hours, spread across many weeks, as reinfections occurred + new exploits were then discovered + removed.
Based on your question, I'd suggest you hire someone to do this for you.
First step is usually to change hosting. Here's why...
Recently a client asked me to give him a ballpark overview of reasons for sites being hacked.
I went back over WordPress site cleanses I'd done over the past few months, then I went back over several years.
I found <10% of site hacks occurred through WordPress + the rest (majority) of hacks were due to OS based problems, like a hosting company running some insanely old version of PHP or FTP (rather than SFTP) or non-SSL logins.
So first step to cleansing a site is always move to hosting running all latest stable LAMP code - Linux/Apache/MariaDB/PHP + latest OpenSSL + no plain text logins (so SFTP + all site logins are SSL wrapped).
Fastest recovery took a few minutes. Longest recover took roughly 50 hours, spread across many weeks, as reinfections occurred + new exploits were then discovered + removed.
Based on your question, I'd suggest you hire someone to do this for you.
First step is usually to change hosting. Here's why...
Recently a client asked me to give him a ballpark overview of reasons for sites being hacked.
I went back over WordPress site cleanses I'd done over the past few months, then I went back over several years.
I found <10% of site hacks occurred through WordPress + the rest (majority) of hacks were due to OS based problems, like a hosting company running some insanely old version of PHP or FTP (rather than SFTP) or non-SSL logins.
So first step to cleansing a site is always move to hosting running all latest stable LAMP code - Linux/Apache/MariaDB/PHP + latest OpenSSL + no plain text logins (so SFTP + all site logins are SSL wrapped).
If you want a semi-affordable paid service, I recommend wordfence.com (will cost $200 ish)
I agree that restoring from backup is a good option. Ensure that all the files are erased first, and before you allow the site to be live to the web again it's a good idea to ensure all plugins and themes, and WordPress core, are up to date. Change all passwords for important user accounts (admin ones especially) and the hosting account and FTP accounts too.
I recommend installing Wordfence to help prevent brute force attacks, and if you activate the firewall it can block some vulnerability exploit attempts too.
WordPress sites need to be kept up to date; it only takes days (or perhaps hours) after a vulnerability is announced before it is widely exploited. This might be a professional WordPress site management service is a good option, if you don't want to try to do it yourself.
I agree that restoring from backup is a good option. Ensure that all the files are erased first, and before you allow the site to be live to the web again it's a good idea to ensure all plugins and themes, and WordPress core, are up to date. Change all passwords for important user accounts (admin ones especially) and the hosting account and FTP accounts too.
I recommend installing Wordfence to help prevent brute force attacks, and if you activate the firewall it can block some vulnerability exploit attempts too.
WordPress sites need to be kept up to date; it only takes days (or perhaps hours) after a vulnerability is announced before it is widely exploited. This might be a professional WordPress site management service is a good option, if you don't want to try to do it yourself.
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.