How to Remove Pop-up Ad Malware from a WordPress Site

When creating a website, you should pay special attention to its security. A breach of your site’s security can lead to significant problems. If your site allows user logins, or worse, you have an online shop (e.g., WooCommerce) with a customer database, it could result in a personal data leak and serious consequences, even legal action. In this article, you will learn how to remove pop-up ad malware from a WordPress site.

What’s more, the wide variety of WordPress plugins and themes means that security breaches of this CMS are not uncommon. This is not surprising, considering that there are up to 90,000 attacks on WordPress sites per minute worldwide.

It’s not that WordPress isn’t secure enough – it’s simply the most popular CMS in the world, and therefore the most frequently attacked. Its popularity is so great that, according to the company Sucuri, attacks on the WordPress platform account for 90% of all attacks on CMS systems.

Symptoms of a Malware Infection

To effectively combat malware that has infected your website, you first need to know that your site has been infected at all. Sometimes you may not even realise that your site is infected and is sending spam in the background to thousands of people about pornography or potency pills. In this article, we will help you recognise the symptoms of a malware infection.

One of the most obvious signs of a malware infection on your site is visible changes you didn’t make, or strange meta descriptions in the SERPs (Search Engine Results Pages). Other common symptoms of infection are pop-ups, adverts, or redirects that send users to a completely different, spammy website.

As a WordPress site administrator, you must bear in mind that you cannot see some changes from the back-end (Dashboard). Only users visiting your site will see the annoying pop-ups.

Another very obvious symptom of infection will be the blacklisting of your site by Google. Google may then warn users trying to access your site with a large red alert, and in extreme cases, even remove your site from the Google SERPs.

A website infected with malware may also be taken down by your hosting provider if it is on a shared server, to protect the owners of other websites hosted on the same server.

If your site does not appear in Google search results, or does not open when you type its address into the browser, it is quite possible that it has been infected and removed from the Google index or from your provider’s server.

How to Clean a Website of Malware

Use a Malware Removal Plugin

If you can log in to your WordPress dashboard, the quickest way to get rid of malware is to use plugins designed for this purpose.

Plugins like Wordfence, Sucuri, or iThemes are some of the best plugins for protecting your WordPress-based site.

If you have no experience in administering web servers (Apache, LiteSpeed, Nginx) or Linux, this is the fastest and safest method to combat malware.

Manual Malware Removal

Manually removing malware is time-consuming and, if files are edited or deleted incorrectly, can leave your website completely unusable. However, if you cannot access the WordPress dashboard to install the necessary plugins, manually searching for and removing malware is often the only option. If you have no experience in this, it is safest to consult a company that does this professionally to avoid causing even more damage.

Create a Site Backup

Before you do anything to remove the malware from your site, first create a backup of the website so that you can restore it in case of complications. Creating backups should become a habit, which will save you a lot of time and stress in case of website problems.

To manually back up your site’s files, log in to your hosting using FTP, SFTP, or CyberPanel. Then, compress the contents of the wp-content folder and download the compressed file to your computer’s hard drive.

If your hosting has a snapshot backup option, this is also a good choice, or you can use one of the many WordPress plugins for this purpose.

It will also be necessary to back up the .htaccess file. This file is hidden by default in some file managers, so make sure you have the option to show system files enabled.

It is equally important to back up the database, as this is where most of the information displayed on your site is stored. Bear in mind that some malware can hide in the database itself.

Reinstall WordPress

Before you start looking for malware in your files, install a clean version of WordPress. By installing a fresh version of WordPress from the official website, you can be sure that it is free of malware.

Check the Files

The most difficult part of the task is ahead of you – checking all the WordPress files. This is a tedious and lengthy process, as you will have to check each file and directory one by one to identify infected files.

First, compare all WordPress files with the files from your backup, then proceed to check the theme and plugin files. If you have no experience in creating and editing HTML, CSS, or JavaScript files, it may be very difficult for you to spot suspicious lines of code.

After reviewing all the WordPress files, check the contents of the .htaccess file. This is a very important file, and even after installing a clean version of WordPress, if you have an infected .htaccess file, you may still leave a backdoor open for hackers to reinfect your site with malware.

Finally, after thoroughly checking and cleaning all files, you should also clear your browser and web server cache, as files in the cache can also be infected and reinfect your site.
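The file comparison described in this section can be scripted rather than done by eye. The following is an added example, not code from the original article: it hashes a clean WordPress copy and your backup and lists what differs. The function names and directory layout are assumptions, the sample trees are constructed, and the clean copy must be the same WordPress release as the backup.

```python
import hashlib
import tempfile
from pathlib import Path


def index_tree(root: Path) -> dict:
    """Map every file under root (relative path) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*")
        if p.is_file() and not p.is_symlink()
    }


def compare_trees(clean_root, backup_root) -> dict:
    """Classify backup files against a clean reference copy of the same release."""
    clean, backup = index_tree(Path(clean_root)), index_tree(Path(backup_root))
    return {
        # Same path, different content: inspect these first.
        "modified": sorted(f for f in clean if f in backup and clean[f] != backup[f]),
        # Present only in the backup: expected for wp-config.php and your own
        # uploads, suspicious anywhere inside wp-admin/ or wp-includes/.
        "added": sorted(f for f in backup if f not in clean),
        "missing": sorted(f for f in clean if f not in backup),
    }


def write_tree(root: Path, files: dict) -> None:
    for rel, data in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(data)


def demo() -> dict:
    """Run the comparison on two small constructed trees (not real WordPress files)."""
    stock = b"<?php // constructed placeholder\n"
    with tempfile.TemporaryDirectory() as tmp:
        clean, backup = Path(tmp, "clean"), Path(tmp, "backup")
        write_tree(clean, {"index.php": stock, "wp-login.php": stock,
                           "wp-includes/version.php": stock, "license.txt": b"text\n"})
        write_tree(backup, {"index.php": stock, "wp-login.php": stock + b"// altered\n",
                            "wp-includes/version.php": stock, ".htaccess": b"# constructed\n",
                            "wp-includes/extra.php": stock})
        return compare_trees(clean, backup)


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {names}")
```

On a real site, call `compare_trees()` with the path of the freshly downloaded WordPress folder and the path of your extracted backup, then open each "modified" and unexpected "added" file before deciding what to keep.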

Reinstall Themes and Plugins

Reinstall clean versions of your themes and plugins. Remember to only install trusted themes and plugins. The truth is that most malware infections are not caused by WordPress itself, but by installing poor-quality plugins and themes or, worse, installing them from untrustworthy sources. Such plugins are often already infected at the time of installation.

Reset All WordPress and phpMyAdmin User Passwords

This is an absolutely necessary step when dealing with malware. Often, the weakest link on your website is not WordPress itself, but weak passwords that are easy to guess or to break with a brute-force attack. It is also worth checking the list of users on your site to see if there are any suspicious accounts with high privileges that were not there before.

It is also essential to log in to the database via phpMyAdmin and check whether any suspicious users have appeared there that should not exist. You should also reset all database passwords, as a person with access to your WordPress database can cause enormous damage and change the content of your site.

Restore Photos and Other Files

After you have finished checking the files, you can restore your photos and other site files.

However, be careful and review the directories one by one before restoring the files. While there is little danger of infecting the site with multimedia files, any JavaScript or PHP file should immediately raise a red flag, as it most likely contains malware. These files should not be in your photo folders.
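The review of photo folders described above can be automated before anything is copied back. The following is an added example, not code from the original article: it walks an uploads directory and lists files to hold back. The function name, the extension list and the sample tree are assumptions, and the content check for a PHP opening tag inside media-named files goes one step beyond the extension rule in the text.

```python
import tempfile
from pathlib import Path

# Extensions that a web server or browser may execute; media folders need none of them.
SCRIPT_EXTENSIONS = {".php", ".phtml", ".phar", ".js"}
PHP_OPEN_TAG = b"<?php"


def scan_uploads(uploads_root) -> list:
    """Return sorted (relative path, reason) pairs for files to hold back from restore."""
    root = Path(uploads_root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        # Check every suffix so a double extension such as photo.php.jpg is caught.
        if {s.lower() for s in path.suffixes} & SCRIPT_EXTENSIONS:
            findings.append((rel, "script extension"))
        # A media-named file carrying a PHP opening tag is not a plain image.
        elif PHP_OPEN_TAG in path.read_bytes():
            findings.append((rel, "PHP tag in media file"))
    return sorted(findings)


def demo() -> list:
    """Scan a small constructed uploads tree (file names and contents are made up)."""
    sample = {
        "2024/05/logo.png": b"\x89PNG\r\n\x1a\n constructed image bytes",
        "2024/05/thumb.php": b"<?php // constructed placeholder\n",
        "2024/05/banner.jpg": b"\xff\xd8\xff constructed <?php // placeholder\n",
        "2024/06/slider.js": b"// constructed placeholder\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in sample.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return scan_uploads(tmp)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason}: {rel}")
```

Run `scan_uploads()` against the extracted uploads folder from your backup and restore only the files it does not list.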

Checking the Database Backup

Operations on database files are very complicated, and a person without extensive knowledge of how MySQL, PostgreSQL, or MariaDB works will likely do more harm than good. Therefore, if you suspect your WordPress database is infected with malware, it is best to contact a company that handles this professionally.

Summary

Prevention is better than cure. Therefore, if you do not yet have a plugin installed to improve WordPress security, it is high time to download and install one.

Furthermore, it is worth using suitably strong and long passwords to make it harder for hackers to crack them with brute-force attacks.

Keep your WordPress core, themes, and plugins updated. The latest versions usually patch security vulnerabilities found in previous versions.
