One day you might discover that in the search results there are references on your website to pharmaceutical products. You check the content and find external links to websites that should not be there. To make matters worse, your site is listed as dangerous by Google, and then you ask yourself, what can I do?
The aim will be to solve the problem as quickly as possible. In such a situation, it is easy to make mistakes and even carry out swift actions that may turn out to be irreversible.
So the main thing is to keep calm, take a deep breath and carefully follow the following instructions:
You can do this in two ways: by installing the WP Maintenance Mode plugin or, if you have experience editing code, you can do it manually in the following way:
1.1. Create a file in the root that you can name for example “maintenance.php.”
1.2. Edit the file that you just created and code it to your liking.
1.3. Edit the functions.php file of your WordPress theme.
With this, users will only see that your website is under maintenance while you can access the WordPress administration.
The next step is to try to identify the problem. For this, you can use different tools to see if your site is infected with malware. Now that you already have some information, you should contact your hosting company to communicate the problem and follow their instructions. This is very important, especially in shared hosting, since the attack may have affected more than one site. If the technical service leaves much to be desired or does not offer you help, you have to consider changing your hosting company at the end of this guide.
It is possible that the tool you use regularly is the source of the problem. Make sure you have a good antivirus installed and updated, and perform a full scan. There is antivirus software on the market. It is also good to complement it with tools specialized in detecting malware.
Before making any changes, make a copy of the website and the database. In this way, you will avoid risks of loss of information if something goes wrong.
It is imperative that you change all the passwords to prevent the attackers from continuing to act on your website:
WordPress Access: change the password of all users. Verify that no administrator users have been added that should not be. Remove any user that you consider suspicious.
When modifying the password of the database, you must immediately edit the wp-config.php file and write the new password. Otherwise, WordPress will not be able to establish a connection with the database and your site will be inaccessible.
In this same file, you must change the security keys. To do this, access the official WordPress security key generator, copy the generated code, and replace it where appropriate in the wp-config.php file.
These are the things to do when cleaning directories and files:
6.1. If you use a cache plugin, you should disable it and cache the imp because if an infected file is left in the cache, it can leave your site infected again.
6.2. Install the WordFence plugin or Anti-Malware Security and Brute-Force Firewall to check your website. This way you can see which files seem infected, which lines of code have been inserted and where. This is essential if you use a custom theme of your own.
6.3. Download your theme, which is inside the folder /wp-content/ and checks and edit the files according to the instructions of the security plugin. As a result, you will have a clean theme on your computer. To be sure, you can analyze the files of your theme with your antivirus and your antimalware tool. If you use a commercial theme, download a clean copy from its official site.
6.4. Enter the plugins section of your WordPress installation, take a look at your active plugins and download the most updated versions of them on your computer.
Check the content of your website and search iframes, rare codes, internal and external links that point to suspicious sites to remove them.
6.5. Now, connect via FTP and sort the files by modification date. Pay special attention to the latest modifications, since they are usually the ones that contain malicious code. Download WordPress from the website. Unzip the downloaded file in a folder on your computer. Check that folder and file structure and compare it with the one on your server. So you can detect strange files.
6.6. Sometimes you may find that it is not possible to remove all the malicious code. In that case, it is best to replace the files of your WordPress installation with the WordPress files downloaded from the official site.
You already have your site clean and perfectly operational. However, to prevent having a problem in the future, it is essential that you adopt the following measures:
7.1. Change the prefix of your database. You can use the Change DB Prefix plugin.
7.2. Generates empty index.php files to prevent directories from being accessible through the browser.
7.3. Create a file htaccess with code that prevents running .php files inside the “uploads” folder, which is something that many attackers usually try.
7.4. Performs a periodic backup of both the website and the database and save it somewhere safe. If possible, it should be saved outside the hosting server.
7.5. Keep your WordPress updated, as well as the theme and the plugins.
7.6. Activate a security plugin.
7.7. Always use strong passwords and educate others with admin access to the vital importance of this practice.
Melissa Crooks is a Content Writer who writes for Hyperlink InfoSystem, one of the leading app development companies in New York, USA & India that holds the best team of skilled and expert app builders. She is a versatile tech writer and loves exploring the latest technology trends, entrepreneur and startup column.