How to Clean Malware from a Hacked Website

Just the hint of a hacked site is enough to send jitters down the spine of every webmaster. In an event where something suspicious occurs on a website or where unexpected elements start to show up on the website, the doubt starts to pop up with a possibility inclined towards the absolutely negative event, i.e. a hack. 

This constant thought/fear is so widespread right now because of the recent hacking trends seen by the world. As per a report, new malware is being launched every day; approximately 230,000 new malware samples/day. Scary, right?

Related: 6 Basic Tips for Web Server Security You Should Know

If you are ever caught in such a scenario, you must be prepared to tackle it with complete preparedness. The first step towards this preparedness is knowing about the ways that malware finds its way into your website.

steps to wordpress security

Mostly, websites that use unreliable plugins and coding can end up getting easily hacked. Other times, hackers might be at play and use malicious redirection, drive-by downloads, backdoors, Defacement, Phishing, SEO Spam, Misconfiguration, and even Brute Force their entry into your website.

You will be shocked to know that the total cost for cybercrime committed globally has added up to over $1 trillion in  2018. This justifies the fears of all the webmasters out there. Since there is a hacker attack every 39 seconds, you need to make yourself and your website ready to face such an encounter and beat it for good. So, in this blog post, we will help you learn about cleaning malware from a hacked website.

There are several steps required for scanning your website to find malware and then there are more steps required to remove the infected elements from your website. Towards the end, we will share some expert tips to help you take care of your website security. So, here’s the breakdown.

How to know if your website has been hacked

It is always easy to spot a hack event on a website. However, we have listed the most common ones below so that you can figure out if that is the case with your website.

  • Your website starts freezing every now and then
  • You will start seeing unnecessary pop-ups on your website that have not been placed by you
  • Presence of unusual text on your website’s footer/header
  • You start finding the keywords on your website linking to random external websites
  • Warning messages from your hosting provider
  • Website redirection to some spammy website
  • Google alerts that your website has been hacked
  • Your website goes offline

Once you have figured out that your website has been hacked, here’s what you need to do next.  

Figure out the origin of the attack on your website

Before you can do anything about the hack or the mishap with your website, you will have to identify the kind of the attack. For this, you should have access to tools that will help you scan your site remotely. Tools like Sucuri and WordFence will help you find malicious payloads and malware locations.

Related: Website Security 101: What Every Developer Should Know

You need to be extra careful if you have more than one website. This is so because of the phenomenon where cross-site contamination can end up affecting all the other websites on the server as well. So, begin by checking the following.

  • Core File Vulnerability: If the core file has been tampered with, that’s bad news. However, you need to assess if they really have been affected. To ascertain any change, you can simply use the diff command in the terminal or manually check your files via SFTP.
  • Recently Modified Files: In an event where your website has been hacked, your website files will have been modified. If there has been any modification in the recent time-period that wasn’t done or approved by you, you can be sure that there is something fishy. For Linux,  you simply need to type in your terminal:

$ find /etc -type f -printf ‘%TY-%Tm-%Td %TT %pn’ | sort -r .

If you want to see directory files, type in your terminal:

$ find /etc -printf ‘%TY-%Tm-%Td %TT %pn’ | sort -r .

It’s time to cleanup

Image by Markus Spiske from Pixabay

Once you have figured out the point where the hack was triggered, you will be able to clean up the mess and get your website up and running the usual way. But before you move ahead with the plan, don’t forget to back up your existing website data, i.e. the backup Site Files and Database. It is important that you back up the entire existing website so that you can easily restore it in case the removal of the malware goes wrong. 

However, if you are backing up the data, export an XML file of all your content by using Tools. If your website is a large one, you can use your web host’s File Manager to make a zip archive of your wp-content folder and then download that zip file.

After you are done with the backup, you will have to figure out the suspicious code and links that might be present on your website. In order to remove malicious code from your database, you can try looking for the bad code string that is causing the trouble and deleting it. You will find it in the character fields. Now you must figure out the infected files and use your FTP application to download them. Now, inspect them and delete and modify the files, and replace the modified ones with the infected ones. 

Moving ahead, re-upload these files and run a scan. Once done, now you will also be required to your hacked Database Tables, ensure the security of all your user accounts, and remove any hidden backdoors that might have been placed. You must change the passwords for your FTP, Hosting Control Panel, and SSH accounts as well.

Once you are done with the removal of malicious codes and files and other cleaning tasks, you can just update and reset the configuration settings. 

Security of the website from future attacks

Image by Thomas Breher from Pixabay

Recovering your hacked website also calls for hardening your website security for the future. You will be required to update and reset configuration settings. Setting up a backup mechanism is also a compulsion. It will turn up to be of immense help in case your website gets compromised and the data ends up getting lost. A website firewall is also a great way to keep the hackers at bay.

Tools to Remove Malware and Clean Hacked Website

If you are operating your website under a specific budget, you might want to check out some tools available in the market to help you clean your site’s malware and restore your site. Tools like Sucuri, Wordfence and Google Free Malware Checker. If your website is on WordPress, there are several security plugins that can help you secure your website. Some of the most popular plugins in this category are Gotmls, WP Antivirus Site Protection, All-in-One WP Security plugin, and Wordfence Security plugin.

Conclusion:

Hacking is a real bitter experience to happen to any webmaster. In case this happens to you, you should immediately inform your web host service provider. If they are able to fix this issue, that will save you the hassle. However, if any other expert help is needed, you must get in touch with them. When you are able to restore it, you must focus on hardening its security and securing it from any future hacker attacks.

About the author

Mark Coleman is a passionate writer, currently working as an Editor at MarkupTrend. Markup Trend offers free resources for developers, designers and webmasters and is updated daily. Mark is available for hire for product and business promotions.

Author: Spyre Studios