There is nothing giving you a bad start to a day as an email from your hosting company telling you that your website has been infiltrated with malware, and they have already taken it offline, or if not they will have to take action against your site within shortly if nothing happens. There you are with no clue what to do, and afraid of loosing income or customers, because your site is punished and hacked.
I have personally experienced 5-6 website of mine being hacking in 2014 and normally my hosting companies simply shut down the websites because they said thousands of spam emails were sent out every minute while the site was offline. As a very minor tech junkie I do have some insight in PHP coding and so, but not at all enough to look through PHP code and other files to look for code injected by hackers from where to do all kinds of ugly and creepy things on or through my website. In this little blog post I will therefore simply tell what I have done personally to find and remove malware on my WordPress sites.
How to find and remove malware on my WordPress site?
I have in some cases been able to remove the malware on my WordPress all by myself, but I must admit that in most cases I have simply left the job to the professionals. When I could remove the malware myself, this is what I did.
I asked my host to identify the hacked/infiltrated files on my server. I then deleted those files, and replaced them with new versions directly downloaded on new (if a plugin has been hacked, then I deleted the plugin, and downloaded a new version of the plugin from WordPress website).
I downloaded all files to my computer and ran a scan with my virus scanner. A few times I actually found something, but in most cases my virus scanner did not detect anything, even though several files where infiltrated with malware.
And this was about what I could do in my own power. If this was not enough, then I found out that I would simply give it on to professionals. Who are those professionals? Those are the guys who helped me get rid of the problem, and who at the same time takes care of me in the future and immediately removes the problem whenever some new suspicious attack should take place on my WordPress site.
Who are those professional guys who removes malware from my WordPress site?
I read around on blogs all across the Internet and in general I found one name that showed up over and over again. That was Sucuri. This is a brilliant service, something I now can say based on my personal experience. As you sign up they will monitor your website 24×7, and if there should be any malware detected, code injections or other hacking attempts, they will remove it for free and make sure that your site remains safe and healthy. If the hacking attempt has already taken place you can just sign up for their services, add your site and at once create a case on your website telling that you have received a warning about malware being found on your site, and then they will start the job normally between 2-3 hours. And once they have cleaned it they will keep watching and taking care of your site further on into the future, for as long as you keep your subscription active.
If you are earning money with your website, then you know that hacking attempts and forced offline status harms business and income. Sucuri will help you make sure that your website stays online 24×7, and that you will not lose money in case of a future hacking attempt.