Removing Malware from WordPress

Recently GrowTraffic has been hacked. Well to be honest it’s been hacked a couple of times and I wanted to share my experiences of how I’ve overcome it.

The first thing to say is if you’re getting malware warnings from Google, don’t panic! Easier said than done, when I found out GrowTraffic had been hacked the first thing I did was panic!

My first step was to contact my hosting provider who was able to be quite helpful, if you’ve got a managed service or a great hosting provider they are probably going to be able to do most of the do for you.

Making the server more secure

Then lock down the files and server as much as possible. First job is to change the file permissions so they can be read but can’t write and can’t execute – this will stop any scripts doing much more damage.

The next thing to do is to change the passwords. My advice is to change all the user passwords for the install (makes sure none of them other than you are admins), change the FTP passwords and the database passwords. Next change the WordPress secure key, this will force anyone/anything that’s already logged in the admin area to log back in – this steo will stop them being able to log in again.

Next you need to look at what malware Google thinks is installed on the site and where. If you visit: http://sitecheck.sucuri.net/scanner/ you can find the infected files.

Use something like Filezilla to find the files that Sucuri says are infected and replace them with new files, if it’s in wordpress you should be able to find them online.

Once you’ve done that update all your plugins and the main WordPress install – remember it’s probably an out of date plugin that has allowed the script to gain access in the first place.

Once you’ve done these steps you should find that your wordpress install is malware free (probably), go to Google Webmaster tools and request Google review your site for malware – tell them everything that’s been done, detailing all the files that you’ve updated and the stages you’ve gone through.

And make sure you’ve got a backup of the site.

Leave a Reply