Malware can harm your website, compromise visitor data, and affect your search rankings. This FAQ provides clear answers on how to remove malware, prevent future infections, and keep your website secure.
-
What is malware?
Malware, short for malicious software, refers to software or code developed by cyber criminals (hackers) and designed to harm, exploit, or gain unauthorized access to computer systems, networks, or devices. The intention is to cause damage, steal information, or gain control over the compromised system.
Malware is placed somewhere on the site, either by editing existing files or adding new ones. Because every hack is different, it's a matter of looking through the website files and figuring out what's not supposed to be there. In this article, we will help you get started. -
How do I know if my website has been infected with malware?
There are several key signs to look out for:
- The website is behaving unusually compared to how it functioned before.
- The WP Admin dashboard appears to be broken.
- The website redirects users to a different random website.
- When you visit the website, you encounter an unfamiliar pop-up.
- You may see a notification in your one.com Control Panel indicating that your website has been suspended due to malware.
Read more in the section "What should I do if my website has been suspended due to malware?".
-
How did my website get infected with malware?
Websites can become infected with malware in various ways. However, it’s important to know that most infections are not targeted attacks. Instead, automated bots scan the web, picking up URLs from Google search results or other databases and exploiting vulnerabilities wherever they find them. Common causes of infection include:
- Outdated software: Hackers exploit security vulnerabilities in outdated CMS, plugins, or themes.
- Weak passwords: Easy-to-guess passwords can lead to unauthorized access. Learn from our guide on how to create a strong password.
- Infected files: Malware can be introduced through compromised file uploads or infected scripts.
- Third-party integrations: Untrusted plugins, themes, or external services may contain malicious code.
- Phishing or Social Engineering: Attackers trick you into providing access credentials.
-
What should I do if my website has been suspended due to malware?
- Log into your one.com Control Panel.
- If you see a notification with the "View repair steps" button, click on it.
- Here, you will find detailed instructions on how to reactivate your website, including links to helpful guides.
- After experiencing a malware infection, it is recommended to delete and reinstall all plugins and themes.
- Once you have completed all the required steps, click "Request reactivation of website."
You will receive an email notification once your request is processed. If no additional malware is found, the suspension will be lifted. If more malware is detected, the email will provide further information.
-
Which steps should I follow to clean up my site?
In case you don't see the repair steps (see screenshot in the previous section) in your Control Panel, you can also find them here:
-
Change the passwords for your database and SFTP.
You can follow the guides to update your database password and to change your SFTP password. -
Clean malware from files using the one.com File Manager.
In your Control Panel, you can find a list of files that have been infected with malware, or you can contact our support, and they can provide you with a list. -
Update CMS, Plugins and Themes.
Check out our guide on how to update a CMS like WordPress or Joomla.Tip: WordPress users can also use our specialised guide called "How do I repair a hacked WordPress site?".
-
Change the passwords for your database and SFTP.
-
How do I remove malware from a CMS like WordPress or Joomla?
If your website is made with a CMS, then a good place to start is the original installation files since they are not infected and are available to download.
Tip: Is your website made with WordPress? Then we recommend doing a manual update. Our step-by-step guide update WordPress manually can help you with this.
- Open the list of files that contain malware. This list is sent by email to the contact email address. You can also find it in the one.com Control Panel or contact our support to request one.
- Download the installation files for your CMS. Make sure it's the same version as what you have installed.You can find the files for the different CMS here:
-
Open the installation files on your computer and compare them with the list of infected files in File Manager. Check for each file which of the following situations applies and take the corresponding action:
- If the infected file doesn't exist in the installation files and it's not part of an extension or template, then it's probably malware and can be removed completely.
- If the infected file is part of the installation files, then you can replace it with the corresponding file from the installation that you just downloaded.
- If the configuration file with your database connection details is infected (configuration.php, wp-config.php), then you need to make sure you add the login details for your database.
- If the infected file is part of a plugin, extension, template, or another module you have added to your CMS, you can remove the file and reinstall the plugin later.
- After you have gone through all the files and either replaced or deleted them, you need to make sure that your CMS is up-to-date. The core installation and all plugins, themes, extensions and additions must be set to the latest version.
- Open the list of files that contain malware. This list is sent by email to the contact email address. You can also find it in the one.com Control Panel or contact our support to request one.
-
How do I remove malware from other files?
In some cases, you need to remove the malware code from the file, for example, if your website is custom-made. Unless you are familiar with coding, it will be difficult to recognise what is malware and what isn't. Check the screenshot below for an example.
- We recommend editing the file in our File Manager because it shows the syntax in colours, which makes it easier to spot what part of the code looks out of place.
- When you have located the malware, remove it from the file and click Save in the top-left corner.
-
How do I remove malware from httpd.private or tmp folders?
Sometimes, malware-infected files can end up in folders on the web space that aren't accessible from an FTP connection or our File Manager. In these cases, you have to connect to your web space using SFTP or SSH instead to be able to remove the files.
-
Can you remove the malware for me?
We understand that dealing with malware can be overwhelming, and you may feel that you don't have the time to fix it yourself. For WordPress websites, we offer our Malware Removal service to help you eliminate malware and abusive content from your website, ensuring its security and full functionality.
You can find more details in this guide: What is Premium Care?
If you'd like to purchase these services, please contact our support team and provide your SFTP password using a Pastebin link, our tool for securely sharing data. -
How can I make my website more secure in the future?
If you're interested in enhancing the security of your WordPress website, check out our guide titled "Improve Security of Your WordPress Site" for useful tips.
-
How can I keep my site clean automatically?
In the future, you can protect your site from getting infected with malware with a paid service and have it also clean up your site. When you search the internet, you'll find many options in several price ranges. We recommend SiteLock, a paid add-on service you can subscribe to via one.com.
SiteLock monitors your site and regularly scans it for known vulnerabilities. If malware is detected, SiteLock Fix can automatically remove it. It's fully integrated with our servers and can be activated directly from the Control Panel.
Check our guide on how to get started: Set up SiteLock security
Note: SiteLock Fix must already be installed and activated before malware is on the website for automatic malware removal.
Related articles: