Virus & Mal-ware Removal

Depending on the attack, you might be able to get yourself back up and running. More advanced attacks do require some technical and server work to get straightened out.

Step one – Lock down. Reset all the administrator passwords. Many attacks will add or compromise an administrator account so they can continue to access your site. After you’ve reset all the passwords, look for any new / odd administrator accounts and delete them. Now is a good time to remove any old administrator accounts that aren’t needed anymore.

Step two – Restore or Cleanup. If you have a known good backup, this is often the easiest way to get back up and running quickly. If not, you’ll have to cleanup the infection.

Cleanup is the bulk of the work and the best place to start is by using a couple of plugins. We recommend WordFence and GOTMLS. Run both of these, not at the same time though. They will find any known infections and will allow you to remove them.

If you’re comfortable on the command line, you can go deeper to make sure you’ve got it. You’ll need access to the server via SSH. This guide from Sucrui covers how to clean a hacked site. It also contains steps for hardening the site after clean up.

Step three – Hardening. Hardening refers to making it harder for your site to be compromised in the future. Enable brute-force protection, use strong passwords, ideally with multi-factor authentication, and keeping code up to date.