WordPress sites are at risk of being attacked and infected by malware at any given time. More than 74 million sites are powered by Wordpress. Because all are connected to the same Content Management System, there is a high chance of websites being vulnerable to attack.
To determine if you site has been infected with malware and to clean it up and fix the damage, follow these simple steps:
While this warning confirms malware infection, there are a number of indicators that could help you ascertain whether your site has been hacked.
1. Scan Your Website
Run a website malware scan to determine whether or not your site is really infected, and by what. A number of website malware scans are available online, including the cWatch scan by Comodo.
2. Change your cPanel and FTP Password
Once you are sure that virus scanning of the system is done, ensure that you change your FTP and cPanel passwords. Make the password complex, with a combination of numbers, lowercase and uppercase letters and special characters.
3. Download WordPress
Be sure to to download WordPress from the WordPress site itself.
4. Extract Files from Zip
Extract the files from zip once you download the WordPress package on your system.
5. Remove the Malware infection
Login to your cPanel > File Manager
The WordPress Installation Files will look like
Retain wp-config.php file and wp-content folder and remove the other files and folders so the installation looks like:
Edit the wp-config.php file in your cPanel > File Manager. Check for unknown and vulnerable codes.
Wp-content folder should be like this:
Remove the plugins folder and index.php. Once the cleaning process is completed the plugins can be reinstalled.
6. Upload the WordPress Again
The WordPress files which were extracted can be now uploaded through FTP.
7. Consider changing WordPress Admin Password and Re-install Plugins
The dashboard will be available to access now. Consider changing the admin password with a combination of characters, letters and numbers.
8. Get the Google warning alert removed
Once your site is malware free, submit a request to Google and get the warning message "This site may harm your computer" removed from your site.
Install cWatch and protect your website - Install Comodo cWatch which uses a Security-as-a-Service (SaaS) model to secure and monitor your website against malware attacks. Protect your website and customers with Security Information and Event Management through real-time security monitoring, advanced threat detection and incident management. It also provides DdoS, addresses malware attacks and automates the malware removal process.