On many occasions we can come across websites that have been attacked. They may contain malware, an intruder may have injected malicious code, and may ultimately put visitors’ safety at risk. This is something that happens to many websites and it is the responsibility of those pages who have to take action and prepare to avoid problems. WordPress is undoubtedly one of the most popular content managers today. In this article we are going to talk about what to do in case our WordPress website has malware.
What to do if a WordPress site has malware
As we have indicated, WordPress is widely used by users. This means that when a problem arises, a threat in the form of malware can put many users at risk. Luckily there are security tools and methods that we can use to protect ourselves.
We are going to see what are the main steps that we must do in case our website has some malware and is infected.
One of the first steps we must take is to put the website into maintenance mode . This means that it will not be enabled for potential visitors to enter. In this way what we do is minimize the damage as much as possible and from there try to solve the problem. It is as if we have our infected computer and disconnect the Internet, for example.
In this way we will also prevent potential visitors from becoming infected. This would be very negative not only in terms of security, but would also affect the reputation of the website.
The next step, highly recommended, is to download all the content via FTP to a computer. This on the one hand guarantees that the data will be safe in case of problems, beyond any possible backup copies that we have. But it will also allow us to correctly scan with an antivirus for threats.
Note: it is necessary to have some kind of FTP software to be able to transfer files from the hosting to our team. For example we can make use of CyberDuck , which is open source and is available for various platforms.
Update all installed patches
Once all this is done we can update all the patches that we have installed. In many cases, these types of problems come through outdated patches that can allow threats to enter. We must always have the latest versions to be able to correct these security flaws. Additionally it is interesting to install security plugins for our WordPress site. There are many and it is something that we must consider.
Ideally, our antivirus should have helped us remove any malware that may be present in the files. In this case what we have to do once we make sure that they are clean is to upload all the content back to the accommodation.
In case this has not been possible, we can always restore files from a previous backup. Normally our storage provider will keep regular backups and we can go back to an earlier point. We can always consult the technical service in case of problems or doubts. Of course, this would give positive results if the malware has entered after those copies that we are restoring.
Another possible solution, although in this more technical case, is to analyze the code line by line and see if there is something malicious.
In short, these are some steps that we must carry out in case our WordPress site has some type of malware and we have problems. However it is best to prevent. As long as we have the site updated, we control the plugins properly, we have security tools, we will have a lot of livestock and we will avoid problems that affect our security.
