If your website has been infected with malicious content, you should clean your website files as soon as possible to prevent further damage to your website.
Note: If you believe you have lost files or data or your database is infected. Immediately contact your hosting company to know if they have backup saved for you.
Hosting companies charge some bucks but they provide you backup or last 24 to 48 hours state website.
Please note if you get your website even restored somehow it needs to be cleaned and checked up by an expert. We charge only 35$ to clean up the site completely. Contact us! And to avoid any such future problems get WordPress maintenance service.
What you can do yourself? To remove malicious code
Firstly, it is recommended to completely disable your site and allow access only from your own IP addresses while cleaning up. This way you will quarantine your site, so that hackers will not be able to reach it.
Furthermore if you don’t disable your site your visitors will access harmful content. In addition, search engines (Google, MSN, etc.) might also end up blocking your site.
The easiest way to quarantine your site is to edit your .htaccess file and allow access only from your own IP address. Use the following two lines (they work on Apache based servers):
deny from all
allow from IP_ADDRESS
Replace IP_ADDRESS with your own IP address. Once you do this the site will be down for your visitors. Taking your site offline during the recovery will not affect your future search engine rankings.
Get Help from an expert! Don’t risk your hard work.
Clean up malicious code from your website.
To start the clean-up, download all of your website files to your local computer via FTP and scan them with your Antivirus software. Once the scan is completed you should receive a list of the suspicious files that you need to review.
Most of the times the infected code is easily noticeable since it is heavily obfuscated (encrypted), unlike regular code used in open-source applications, which is much more orderly, and usually includes comments explaining the purpose of the different pieces of code. Below is an example excerpt of malicious code:
|=|<?php $ei4a=$_POST['12345'];if($ieov!=''){$tyqx=base64_decode($_POST['z0']);@eval("\$safedg=$tygx;");}
Make sure that you review all of your files, remove the infected code and upload your files back on the hosting server.
When the malicious code has been removed, you should upgrade all applications on your hosting account to their latest stable versions.
To ensure you are the only one who has access to your account, and therefore prevent attackers from reaching it again you should also:
- Update the Antivirus software on your computer to the latest version.
- Run a complete antivirus scan on your local computer including all hard drives.
- Ensure your Operating system (Windows, Linux or MacOS) is up-to-date and all security patches are applied.
- Ensure your Internet connection is secure. If you are using wireless connection the only secure encryptions is wpa2. For more information contact your router vendor or ISP.
- Change the passwords related to your hosting account (including cPanel, FTP accounts, Email accounts, etc.).
- Change the dashboard administrator passwords for your web applications.
Most important re install WordPress CMS and re install all the plugins.