Press "Enter" to skip to content

WordPress Malware Removal: What to do when your site gets hacked

What I did when my Website was Attacked by Malware

If your website has ever been attacked by Malware, you will understand the sinking feeling that this can induce. This website came under attack recently and I am only realizing now that I did not follow the book on WordPress Malware Removal. I mean, who can blame me? After working for so long on this site, the thought of losing everything really touched me to the core? So, what did I do when my website came under attack?

I Panicked

  • The first thing that I did was panic. I know, most of the experts who are out there will tell you not to break into a sweat following a malware attack on your website, but I admit to nearly falling into a fit of hysteria when I got the news.
  • As I have already mentioned, I have been working on this project for some time; and losing sleep over it. The thought of having to go back to the drawing board was a bit too much for me.

[spacer height=”20px”]

How I discovered the problem

WordPress Malware Removal: Google had not seen the issue
WordPress Malware Removal: No security issues detected by Google

There were actually no overt signs that my website had come under a malware attack. Even Google had apparently not yet discovered the problem, which makes me think that the infection was, perhaps, minor, if that can be said of an attack by malicious software on a website. As you can see in the above screenshot, my search console “console”  still indicated that my website was still clean.

An Ominous Email

  • I suppose I sound a bit too dramatic to seasoned WordPress website owners, but the first thing that I knew about the virus attack on my website was receiving an ominous, cryptic letter from my web host.
  • This site is hosted by InterServer, which, as I mention in this article, is a great web hosting services provider.
  • So, the letter that is pictured below arrived in my inbox, and I couldn’t, for the love of my site, understand what it was all about.

[spacer height=”20px”]

Letter Informing me of Infection
Email from Web Host

I mean, you will have to excuse me but that the hell is ClamAv? The letter doesn’t even overtly tell me that my site has been infected.

An Inkling of Trouble

I any case, I had a feeling that my site was in trouble because whoever, “scanner” was, they had never before sent me an email after a daily virus scan. And whatever “clamav” was, it had clearly thought to inform me in the rather cryptic way that there was something or the other happening.

What is ClamAV

ClamAV antimalware
ClamAV antimalware
  • My web host apparently uses Clam AntiVirus (ClamAV) to secure my website.
  • Now that I have done research on it, I know that ClamAV is an open source antivirus that can be used across a wide range of platforms. These include Linux, macOS, Solaris and many more.
  • The picture in the above screenshot is a bit scary but ClamAv is apparently what you use for WordPress Malware Removal.

[spacer height=”20px”]

WordPress Malware Removal: What I did Next

So, what did I do next on my way to removing the malware infection from my WordPress website? I mean, there was no open sign that the site had been infected, so what was I to do?

Head Over to cPanel

Inside cPanel
Inside cPanel

The next thing that I did was head over to cPanel. I don’t know if I am doing something wrong or something, but I haven’t yet discovered a straightforward way of entering my site’s cPanel. I mean, I have to go to my web host, enter my details, and click on a thousand things before finding my way in. Oh well, I suppose its all part of securing my site?

Inside cPanel

I do have to admit that I rarely ever visit the cPanel of my WordPress website. That is because, usually, everything works so well that I do not have reason for doing so.

  • Besides, everything is a jumble there anyhow. I mean, its all well laid out, but I cant really make heads or tails of most of the things that are in there.
  • What, as an example, are “MME types” and “Indexes?” I suppose I will have to produce a series of articles in which I research on and explain those things.

[spacer height=”20px”]

In any case, when I got to my site’s cPanel, I scrolled down till I got to Virus Scanner. You can see where it is in the screenshot above. For the less discerning, its where the ugly red arrow is pointing.

Click on Virus Scanner

The next action on my WordPress Malware Removal journey involved clicking on “Virus Scanner.” This took me to the window in the screenshot below.

WordPress Malware Removal: Virus Scanner
WordPress Malware Removal: Virus Scanner

As you can see in the above screenshot, Virus Scanner gives you the options to;

  • Scan Mail
  • Scan Entire Home Directory
  • Scan Public Web Space
  • Scan Public FTP Space.

[spacer height=”20px”]

WordPress Malware Removal: Scan Entire Home Directory

In this case, I clicked on “Scan Entire Home Directory.” I chose that option because there was “entire” in the option. I know that that’s not a convincing reason, but what can I say?

Scan in Progress. Malware Detected on my WordPress Website
Scan in Progress. Malware Detected on my WordPress Website

The Horror

The moment that I clicked on the “Scan Now,” button, the thing went crazy. As you can see in the above screenshot, quite a number of malware infections Virus Scanner detected quite a number of infections on my WordPress website. Now, I am not usually a violent person, but if I ever catch a virus creator…

Cleaning Up

  • After the scan, cPanel took me to another screen, where I was presented with the option to either quarantine or completely remove the malware infection.
  • Unfortunately, I forgot to take a screenshot of that screen. You will know when you arrive there, should your site ever be attacked by malware.
  • In any case, because I am rather cowardly, I chose the option to quarantine the files. I didn’t want to break my entire website by deleting something important.

[spacer height=”20px”]

After the Quarantine

After the quarantine, I ran another scan. As you can see in the screenshot below, all the malicious infections had been removed from my site!

Goodbye  Malware

InterServer Offers Free Hacked WordPress Cleanup

The good thing about my web hosting plan is that it comes with free malware removal. I should have mentioned that in my panic, I had already opened a ticket with InterServer in the hope of having the infection removed.

  • Had I waited, the WordPress Malware infection would probably have been removed from my website free of charge.
  • I have heard horror stories from people who have had to fork out large amounts of money in order to get their sites cleaned.
  • The main reason why I chose this web host was the fact that it comes with free hacked WordPress cleanup.
  • That is important because your site will, at some point in the future, get an infection and you don’t want to have to start forking out money to have it sanitized.

[spacer height=”20px”]

Conclusion

I know, conclusion as a topic is a bit cliched, but i shall conclude anyhow. After the infection, I had a word with my host about backups. I was worried about losing everything to a WordPress Malware Infection. In any case, I was assured by the folks at InterServer that they were keeping daily backups of my site. But just in case, I created a backup of my own anyhow. Oh well. I suppose that now I will have to talk about how I secure my WordPress website. Till then, have a good time. If you wish to know more about malware infections in computers (and because internal links are good SEO), here is a link that I wrote on the subject. And here is a page on the best malware removal tools that can be found out there.

Be First to Comment

    Say Something

    %d bloggers like this: