WordPress-powered websites are on crackers' hit lists; they use malware (malicious software) to attack WordPress sites. There are different types of malware: viruses, Trojan horses, spyware, hijackers, crimeware, adware, dialers, keyloggers, worms, rootkits and similar programs. James D. Nardell explains the different types in detail in “Different Types Malware”.
The latest news about types of malware and all other security threats can be found on the Panda Security website, which presents a Collective Intelligence Monitor covering all threats. As they say: “The best way to defeat your enemy is to understand him.”
I wrote this step-by-step guide on how to identify, remove and prevent malware on a WordPress site when one of my friends' blogs, xponent4, was affected and I cleaned it up. It is now running okay without malware but is still under threat because it is on shared hosting at Servage; although they provide good support, I recommend the best hosting, like WPEngine.
If your site is infected, I can help you remove malware from your server and clean up your WordPress site (request at WPArena’s Facebook page and like it). We can even do a basic penetration test free of cost to tell you about vulnerabilities in your WordPress-powered website.
Identifying Malware on WordPress Powered Website
There are different ways to identify malware on your website. If you see any sign of malware on your site, first change your FTP, admin and database passwords, then use online tools such as Sucuri, Stop Badware and antiphishing to learn more about the latest threats and malware.
The Google Safe Browsing Diagnostics tool can help you check your site for vulnerabilities and gives you the next steps for protecting it.
Next, you can use WordPress plugins to check for malware on your website, but before using these plugins take the following steps to make the site more secure: update all your installed plugins, and test all links on your site to make sure it does not link to a site that contains malware. Do all of these checks in a virtual machine, so that your actual machine is not infected during any test.
Timthumb Vulnerability Scanner
Timthumb Vulnerability Scanner is an excellent tool for checking your site for the Timthumb vulnerability. The recent Timthumb.php vulnerability has left scores of unsuspecting bloggers hacked. It’s the perfect combination of not so easy to fix for the technically disinclined and easy to find and exploit for the malicious, resulting in a disastrous number of compromised sites.
Regina Smola from WPSecurityLock has explained this plugin. The Timthumb Vulnerability Scanner plugin scans your entire wp-content directory for instances of any outdated and insecure version of the timthumb script, and gives you the option to automatically upgrade them with a single click. Doing so will protect you from hackers looking to exploit this particular vulnerability.
The ElegantThemes authors also provide a security patch and updates for their themes that use the image-resizing script Timthumb, so their themes are more secure now. The WooThemes authors have also updated their themes and mention the security flaw.
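The kind of wp-content scan described above can be sketched in shell. This is an added example, not the plugin's code: `find_timthumb` is a hypothetical helper, the minimum version is supplied by the operator, and the `define ('VERSION', ...)` line format and GNU `sort -V` are assumptions.

```shell
#!/bin/sh
# Added example: inventory TimThumb copies under a WordPress tree.
# find_timthumb is a hypothetical helper name; assumes GNU sort (-V).
#
# Usage: find_timthumb ROOT MIN_VERSION
#   MIN_VERSION is the oldest release you accept, taken from the upstream
#   release notes; it is an operator-supplied input, not a value from the page.
find_timthumb() {
    local root="$1" min="$2" file ver lowest
    # Assumption: the script declares its release as define ('VERSION', 'x.y');
    local re="s/^[[:space:]]*define[[:space:]]*([[:space:]]*['\"]VERSION['\"][[:space:]]*,[[:space:]]*['\"]\([0-9][0-9.]*\)['\"].*/\1/p"

    # Themes rename the script, so match on content rather than file name.
    find "$root" -type f -name '*.php' -exec grep -li 'timthumb' {} + |
    while IFS= read -r file; do
        ver=$(sed -n "$re" "$file" | head -n 1)
        # A file that only mentions TimThumb has no VERSION define: skip it.
        [ -n "$ver" ] || continue
        lowest=$(printf '%s\n%s\n' "$ver" "$min" | sort -V | head -n 1)
        if [ "$ver" != "$min" ] && [ "$lowest" = "$ver" ]; then
            printf 'OUTDATED %s %s\n' "$ver" "$file"
        else
            printf 'OK %s %s\n' "$ver" "$file"
        fi
    done
}
```

Every `OUTDATED` line is a copy to replace from the theme or plugin vendor's current release.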
Exploit Scanner helps you scan your files and find malicious code. It searches the files and database of your WordPress install for signs that it may have fallen victim to malicious hackers. The plugin searches the files on your website and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames. It does not remove anything; that is left to the user.
Removing Malware from WordPress website
Make a complete and close review of your entire content and replace suspect files with fresh ones from trusted sources. Always keep third-party plugins and themes updated to minimize the risk of security issues as far as possible. Regularly check your content so that you notice unauthorized modifications quickly yourself, because when notes of this type get out of hand we will charge an admin fee for our additional work.
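One way to make the regular check for unauthorized modifications repeatable is a hash baseline taken while the site is known to be clean. This is an added example, not from the original article: `wp_baseline` and `wp_diff` are hypothetical helper names, and it assumes `sha256sum` and file names without newlines.

```shell
#!/bin/sh
# Added example: detect unauthorized changes against a known-good baseline.
# wp_baseline / wp_diff are hypothetical helper names; assumes sha256sum.
# Keep the manifest outside the web root so an intruder cannot rewrite it.

# wp_baseline ROOT MANIFEST: record a SHA-256 for every file under ROOT.
wp_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 ) > "$2"
}

# wp_diff ROOT MANIFEST: print MODIFIED / ADDED / REMOVED paths since baseline.
wp_diff() {
    local root="$1" manifest="$2" current
    current=$(mktemp) || return 1
    wp_baseline "$root" "$current"
    # sha256sum lines are "<64 hex chars><2 chars><path>": path starts at col 67.
    awk '
        FILENAME == ARGV[1] { old[substr($0, 67)] = substr($0, 1, 64); next }
        {
            path = substr($0, 67); sum = substr($0, 1, 64)
            if (!(path in old))        print "ADDED " path
            else if (old[path] != sum) print "MODIFIED " path
            delete old[path]
        }
        END { for (path in old) print "REMOVED " path }
    ' "$manifest" "$current" | LC_ALL=C sort
    rm -f "$current"
}
```

Files reported as `MODIFIED` or `ADDED` are the ones to review and replace with fresh copies from trusted sources; regenerate the baseline after every legitimate update.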
After finding any suspicious or malware-infected ads, links, posts or pieces of code in a file, image or script, remove all of them. If you are sure that your site has been hacked, follow the steps provided by Go Daddy to get it back online:
- Take the site offline to avoid putting site visitors and customers at risk.
- Remove all offending code. This is only effective long-term in conjunction with prevention.
- Fix underlying security vulnerabilities to prevent future attacks.
- Check for and remove “back doors” left by the hacker. A backdoor allows the hacker future access even after you secure the site.
- Check for and install updates, and research the software you are using to find out if other users have been affected.
Protect Website from Malware
Finally, you have to protect your site against further attacks, and the best tool is prevention. Keep all your plugins, themes and the WordPress core updated, and use scanners that can detect vulnerabilities. Before putting any ad or link on your site, make sure it is not distributing malware, and monitor them regularly. Also make sure user-generated content does not contain exploit links to malware and is clean for visitors, without any suspicious links or executable files.
For maximum security, please ensure your account password is secure (at least 6 mixed numbers and letters) and that it is changed regularly. Ensure that permissions are set to 755 for your folders and 644 for files. Also check that no folders have insecure permissions such as 777.
For a password to be strong, it should:
- Be at least seven characters long. Because of the way passwords are encrypted, the most secure passwords are 6-12 characters long.
- Have at least one symbol character in the second through sixth positions.
- Be significantly different from prior passwords.
- Not contain your name or username.
- Not be a common word or name.
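The folder and file permission guidance above (755 for folders, 644 for files, no 777) can be checked across a whole site in one pass. This is an added example, not from the original article: `wp_perm_audit` and `wp_perm_fix` are hypothetical helper names, and GNU find (`-perm /mode`, `-printf`) is assumed.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the 755 / 644 guidance.
# wp_perm_audit / wp_perm_fix are hypothetical names; assumes GNU find.
# Modes tighter than the guidance (for example 600) are left alone.

# Print every directory or file that is looser than 755 / 644.
wp_perm_audit() {
    # World-writable entries (777 directories, 666 files) come first.
    find "$1" \( -type d -o -type f \) -perm -0002 \
        -printf 'WORLD-WRITABLE %m %p\n'
    # Directories with group write: bits outside 755.
    find "$1" -type d -perm /0020 ! -perm -0002 \
        -printf 'DIR-LOOSER-THAN-755 %m %p\n'
    # Files with any execute bit or group write: bits outside 644.
    find "$1" -type f -perm /0131 ! -perm -0002 \
        -printf 'FILE-LOOSER-THAN-644 %m %p\n'
}

# Remove only the excess bits; never widen a mode that is already tighter.
wp_perm_fix() {
    find "$1" -type d -perm /0022 -exec chmod go-w {} +
    find "$1" -type f -perm /0133 -exec chmod a-x,go-w {} +
}
```

Run the audit first and review its output before applying the fix, since a world-writable directory that nobody set deliberately is itself worth investigating.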