Malware, short for malicious software, refers to software or code developed by cyber criminals (hackers) and designed to harm, exploit, or gain unauthorized access to computer systems, networks, or devices. The intention is to cause damage, steal information, or gain control over the compromised system.
Malware is placed somewhere on the site, either by editing existing files or adding new ones. Because every hack is different, it's a matter of looking through the website files and figuring out what's not supposed to be there. In this article, we will help you get started.
Tip: Make sure you have a backup of your site before you start removing malware. In case something goes wrong, you still have all your files. You can manually backup with File Manager, or use our Backup & Restore function.
- Remove malware from a CMS like WordPress or Joomla
- Remove malware from other files
- Remove malware from httpd.private or tmp folders
- Keep your site clean automatically
Remove malware from a CMS like WordPress or Joomla
If your website is made with a CMS, then a good place to start is the original installation files since they are not infected and are available to download.
Tip: Is your website made with WordPress? Then we recommend doing a manual update. Our step-by-step guide update WordPress manually can help you with this.
- Open the list of files that contain malware. This list is sent by email to the contact email address. You can also find it in the one.com Control Panel or contact our support to request one.
- Download the installation files for your CMS. Make sure it's the same version as what you have installed.
You can find the files for the different CMS here:
Open the installation files on your computer and compare them with the list of infected files in File Manager. Check for each file which of the following situations applies and take the corresponding action:
- If the infected file doesn't exist in the installation files and it's not part of an extension or template, then it's probably malware and can be removed completely.
- If the infected file is part of the installation files, then you can replace it with the corresponding file from the installation that you just downloaded.
- If the configuration file with your database connection details is infected (configuration.php, wp-config.php), then you need to make sure you add the login details for your database.
- If the infected file is part of a plugin, extension, template, or another module you have added to your CMS, you can remove the file and reinstall the plugin later.
- After you have gone through all the files and either replaced or deleted them, you need to make sure that your CMS is up-to-date. The core installation and all plugins, themes, extensions and additions must be set to the latest version.
Remove malware from other files
In some cases, you need to remove the malware code from the file, for example, if your website is custom-made. Unless you are familiar with coding, it will be difficult to recognise what is malware and what isn't. Check the screenshot below for an example.
- In most cases, malware code is added at the top or the bottom of the file.
- Malware often consists of long text strings that appear longer than the rest of the code in the file.
- We recommend editing the file in File Manager because it shows the syntax in colours, which makes it easier to spot what part of the code looks out of place.
- When you have located the malware, remove it from the file and click Save in the top-left corner.
Remove malware from httpd.private or tmp folders
Sometimes malware-infected files can end up in folders on the web space that aren't accessible from an FTP connection or our File Manager. In these cases, you have to connect to your web space using SFTP or SSH instead to be able to remove the files.
Keep your site clean automatically
In the future, you can protect your site from getting infected with malware with a paid service and have it also clean up your site. When you search the internet, you'll find many options in several price ranges. We recommend SiteLock, a paid add-on service you can subscribe to via one.com.
SiteLock monitors your site and regularly scans it for known vulnerabilities. If malware is detected, SiteLock Fix can automatically remove it. It's fully integrated with our servers and can be activated directly from the Control Panel.
- Check our guide on how to get started: Set up SiteLock security
Note: SiteLock Fix must already be installed and activated before malware is on the website for automatic malware removal.