Blog

Website Virus Malware Removal a website including WordPress — Get it Clean Now ! Free Tips & Tricks

Did you get one of the big nasty red warning pages when visiting your website? Well it’s no joke you have a virus and were hacked.

Are you totally freaking out and is your heart racing 1000 miles per hour ?  Did you just run a big marketing campaign and now no one can get to your site ?

Well….. go get a big cup of coffee with lots of sugar in it because you are going to be in for a long night, and day and possibly another night. That’s right your going to have a flash backs to your college exam days, no sleep!

 

How serious is this block and how quick can I get my site back up?

This is very serious and if it happens three times with Google you have a bigger problem.  I know it really isn’t funny, is it?  First, TAKE A BIG BREATH, this is going to take a lot of work on your part to make sure that:

1) your site comes back up clean, (you have a couple of options but nothing less than 8 hours of work)
2) Find out what other monitoring sites have flagged your site (there are a bunch of them that can flag you as having a malware site status)
3) preventing this from happening again.

 

How did this virus get onto my website and how did this happen?

Whatever you do don’t call and yell at your website guys, believe it or not it probably wasn’t them. The best hosting and website providers have virus scanners in place on their PC’s and know the do’s and don’ts to uploading content and managing a website. If you have ever logged into your website and even posted one single picture, or a picture or video or posted on the website it probably happened from something as simple as that.  Really !

Could be any number of reasons, most of which we will discuss in depth here

– out of date wordpress install
– out of date plugin and/or insecure plugin (mm forms got hit a lot so we removed all usages of it)
– using a free template downloaded from a secondary source
– file permissions set insecurely
– image or video installed on the site with a virus
– ftp hijacked by virus
– insecure hosting and/or shared hosting

As to which one it is, this is a process of elimination.

Realize that if you hosting your website on a cheap hosting company (for example: hosting services at godaddy) then you are probably on a shared server.  The cheaper the hosting the more thousands of people all sharing your same IP address.  That also can mean that you probably don’t have a sophisticated backup and recovery system. If you are on shared hosting then you’re less likely to get to the bottom of it, as you probably won’t have access to the logs necessary to examine what’s happened in detail.

And if you do have a hosting company and website service company you still might not have a malware protection coverage.  Why is that?  Well it is usually a higher level of monthly support cost and most people don’t ever think they will need it.  It takes a lot of work to protect your site and it takes some serious software to monitor  and clean the websites on a regular basis (every 3 to 4 hours).  That cost money for the monitoring software, the security software, the software cleaner tools, the more powerful servers and then of course there is their time which is worth a lot.

And as a computer person let me tell you that I am convinced that the big boys out there (the ones that have the software virus protection software solutions) put out viruses just to make us buy their scrubbers.  I mean come on haven’t you noticed how your iphone needs an update about a month before the new iphone comes out, then all of a sudden you start having a lot of issues with your iphone?  What do most people do?  That’s right, they buy a new iphone  … just saying.

 

What do I do now?

Well there is not an easy answer.  It really depends how bad the situation is.

Step 1:

First and most importantly, DO NOT do anything until you have cleaned your own personal computer.  Read my post here about “The Simple Steps to Preventing Viruses on Your Website”.

Step 2:

Go check out a couple of things, lets check and see how many websites know about this virus. Read my post here about “How to Check Out Your Website and Who Knows About It” on the world wide web.

Step 3:

Removing the virus  now….. STOP!   Don’t continue to read this until you have gone and done the stuff in Step 1.  No kidding, you don’t want to spend the next couple of hours to clean your website and then you corrupt it all over again.

 

look for a lot of things so lets do them item at a time…  you will need to check:

1)  wordpress software was manipulated and the following website will show you this  sucuri.net when you run a check at sucuri.net remember to run the check for ALL the urls that Google analytic s tells you has errors.  Running it for the main url is not enough.  You need to clean each problem area one at a time and rerun each time.

However this is not going to tell you everything.  Now you have to manually look for corrupt code in your wordpress install

2) Suspected injected code will be placed inside some of your programs.  Specifically in your header.php and all the index.php files.  You are looking for the following sample of martian looking code :

3) Hacket Google Analytics account and Meta Code was inserted.  Google manager & ownership of file is a great indicator that your primary server was hacked and they inserted meta code.

a)  look at your google analytics account it will tell you the users that have manager access.  This is a very good indicator that you have been hacked and that they want to watch your traffic.  Remove those users and report them to google.

b) usually they have inserted a meta code into your header.php file, and  it will look something like this: <meta name=”google-site-verification” content=”7NfPi4euG5twnvHW9RuARau1SytVyJe2j6qYJYTEFvg” />

https://www.google.com/webmasters/tools/message

Related Articles:
Google About Marware and Hacked Sites

 

 

 

0