Is your WordPress hacked and redirecting to a malicious website every time you try to visit it? If so then you are dealing with a WordPress infection. This is not a good situation to be in and can affect and destroy your SEO rankings using black hat tactics. If your website is infected, it is important to get it cleaned straight away.
WordPress is very secure and very well developed. What makes WordPress insecure and can lead you to the issue of this post is all of the third party plugins and themes. Many of these plugins and themes contain poor coding techniques that can create vulnerabilities, especially if it doesn’t get updated or patched frequently from the developer.
It is so important that you keep your WordPress core, themes and plugins up to date. Many of the updates that will come across your administrative dashboard will include security patches that will keep your website safe. Not completing these updates will open up your website and your database to vulnerabilities which hackers can exploit and take advantage of to infect your website.
One of the most common infections that will happen on a WordPress site will be the redirect hack. This is when a hacker have gained access and placed some code in files or even the widget section, we’ve seen this as the common area. The good news is that this type of infection in many cases is the easiest to clean up and protect from happening again.
How can I remove the malware?
So this is the absolute initial step is to ask your web host to see if they provide a service on removing it, if they do, they will most likely be partnered up with site-lock and charge in excess of £200 to clean it up. We know EIG own a number of web hosts such as; Hostgator, Bluehost, JustHost, Arvixe and over 50 others and they use site-lock to do the work for them.
The next step if you choose not to use your hosting provider or they don’t offer a malware removing service is to check your user logins, make sure there isn’t any extra admin accounts been created by the hacker. We suggest you change all WordPress account passwords, just incase someones account has been compromised.
Now, you can re-install WordPress core files without affecting your website content via the update function. We also recommend you re-install your plugins and your theme. Scan the whole entire WordPress directory for malware and replace any infected files with fresh new ones.
Hire us to remove malware from your website, we can work with most web hosts.
How can I prevent getting infected?
- Make sure your file permissions are correct, check that your theme and plugins are always up to date.
- Don’t use nulled themes and plugins and make sure you pay for the updates from their official website.
- Patch your wp-login and XMLRPC to block Brute-Force and help prevent DDoS attacks.
- Change FTP passwords and every website user’s password.
- We recommended to run a local malware scan on your computer.