Had your wordpress website hacked? We have been helping a lot of businesses overcome this problem, so we thought we would set out the steps we take to remove malware warnings and viruses.
The hacker has a malicious intent, so whatever they are doing it will leave traces and links to files or websites. The hacked will also try to cover their tracks, and in the end sometimes the only thing you can do is set fire to your server.
The hacker will have created, or forced, a way into your system that will be different to the traces they leave. You have to address this problem before your virus/malware problem will really go away. This can sometimes mean your host is infected or it might just mean your password is insecure.
Follow the following steps to remove the malware warning.
Make sure you have a backup of everything. Save a copy of your wp-config.php file somewhere obvious.
Download a fresh copy of WordPress from wordpress.org.
Delete EVERY file in your www/web main directory.
Unzip and FTP WordPress to your website/blog. Do not try to upgrade or reinstall from the admin section of wordpress, this method is incomplete.
Download a fresh copy of your theme, and FTP that into your themes folder. If you have modified your theme in any significant way, this will not work. The only way to make sure you have got the problem licked is to install a fresh copy of your theme, or go through your theme line by line to make sure there is nothing that is causing the issue.
Add your wp-config.php file back into the root of your directory.
You should be able to log back in to your wp-admin section.
Change your password
Install WordPress Firewall 2
Install WordPress exploit scanner and run. This will tell you if there is a problem with your database.
Use Sucuri’s scanner to see if you are virus free. If you had removed all your files, and carried out a clean install, you should be virus free.
Notify Google you are clean using the Google Webmaster tools.
How Long Does it Take for the Warning to Go Away?
From us sending in the request to the Malware warning being removed took less than 8 hours. In all we lost almost a full day of traffic from Google, which is about 50% of the total. Only two clients noticed the problem, but we had to send out a warning to most of them, letting them know of the compromise, so in the end they all found out. We have learned a lot about what is considered secure on the web (nothing) and what is vulnerable (almost everything).