How to remove malware from site

Instructions for detecting and eliminating viruses on the site.

If you found this guide, chances are you’ve already encountered problems on your site.

One of the most common problems is the appearance of redirects to third-party sites, when instead of your site you get to a site that is completely unknown to you, with some kind of advertising or other nonsense. Either you can’t enter the admin panel of your site, and instead of the login page you see either an empty page, or when you enter your login and password, it’s not the login that works, but again a redirect to a third-party site.

Either your site has become slow, or you received a spam warning from your host.

How to remove malware or virus from site? 

The first thing to do is to check the site using the Google and Yandex search engines.

Google safe browsing and Yandex site status check.

The second thing you can do is check the site for viruses.
To do this, you can use the following online tools:

    1. Virustotal a convenient and powerful tool, with its help you can check both the site by the link and a separate file by uploading it to the site. The check takes place in many databases (now there are 88 of them), if there is a problem on the site, most likely it will find it.

      2. Dr.WEB antivirus, simple link checking.

      3. PCrisk online check for Malware.

      4. Sucuri online check for malware, viruses, blacklists and more.

      5. Quttera online check for Malware.

      6. UrlScan online site check.

      7. Malcure a simple but rather lengthy site check.

The next step (not necessarily in that order) is to install plugins on the site.

1. Wordfence эthat plugin scans the site for viruses perfectly and has a good firewall. In this case, you can see in the report which file was infected and try to cure or delete it.

2. WP-Optimize this plugin is useful for optimizing the site as a whole, and it will be especially useful to use it after cleaning the site of viruses in order to remove all remaining garbage from the site.

How to remove malware from site if you have access to hosting.

Go to the file manager and check the index.php file in the root of the site. If there are extra pieces of code in it, remove them.

Check the permissions on files and folders, set the correct ones if they have been changed. (folders – 750, files – 640. Except wp-config.php file)

Delete all strange files (only if you understand what should be there and what should not be).

Check the uploads folder and remove all .php files from it. There should never be .php files in the uploads folder!

Through SSH to /wp-content/uploads/ run the command: find . -name “*.php”

Check for eval(), base64_decode(), gzinflate(), str_rot13() functions

via SSH with the find command. -type f -name ‘*.php’ | xargs egrep -i “(mail|fsockopen|pfsockopen|stream\_socket\_client|exec|system|passthru|eval|base64_decode) *(”

Check for backdoored images with find wp-content/uploads -type f -iname ‘*.jpg’ | xargs grep -i php and find . -type f -name ‘*.php’ | grep -i ‘<iframe’

Check the database.

Log into the SQL database via phpMyAdmin and check if there are any extra users.

You can use deep checking.

Virusdie a high-quality and powerful tool for detecting problems and treating the site. To check the site, you need to install it in the root of the site (you will need access to hosting). Limitations in the free version – the ability to check the site only once a month.

If you can’t clean the site from viruses yourself, write to me and I will do the job.