Your website has been hijacked. You found out when a client called and said your website was flagged as malicious on Google, in their browser, or by their anti-malware application. After you get over the initial shock, embarrassment, and anger, you wonder what you need to do next. How do you get your website cleaned up and your Internet reputation restored?
The first question is this: is your site really compromised? There is a free URL and website malware scanning tool at URLquery. Go ahead and try it out on your website before you get too involved cleaning your site.
- Change your passwords. Change all your user passwords, and if you are using the default admin account, create a new account with administrative rights, and disable the default admin account.
- Restore from backup. You first have to determine when your site was inflected. The best way to repair your site is to restore it from a backup. This can be easy if you have been using a backup plugin such as Updraft Plus, or something similar. Choose a backup that was made sometime before your site was hijacked, and restore it to your web server.
If that isn’t an option, or if it doesn’t solve your problem:
- Clean your site with your security plugin. If you are using WordFence, Bulletproof, or a similar plug-in:
- Upgrade to the latest version of your security plugin.
- Upgrade all your themes and plugins.
- Change all passwords
- Make a new backup (of the compromised site) and store it separately. This gives you a safe way back if things go wrong.
- Run a scan of everything. You may need to make some settings changes to include everything. Expect this scan to take some time. This should result in a list of compromised files.
- Work through the list. Make the necessary modifications or deletions.
- Scan again to see if your site is clean.
- Professional site cleaning service. If this all seems a bit daunting, it is. You may decide to pursue professional assistance. Many web hosts can provide this service, as well as most of the security plugin providers, such as WordFence.
Here are some additional cleaning methods from the Wordfence website.
- Removing Malicious Redirects From Your Site
- Finding and Removing Backdoors
- Removing Spam Pages From WordPress Sites
- Finding and Removing Spam Links
- Removing Phishing Pages From WordPress Sites
- Removing Malicious Mailer Code From Your Site
- Finding and Removing Malicious File Uploaders
- WordPress Defacement Page Removal
- How to Remove Suspicious Code From WordPress Sites
You may need to get your site removed from the Google Safe Browsing List, and sites like McAfee Site Advisor. You will need to approach each service individually and follow their instructions. For Google:
- Sign-in to Google Webmaster Tools.
- Add your site if it isn’t already listed.
- Verify your site, following Google’s instructions.
- On the Webmaster Tools home page, select your site.
- Click Site status, and then click Malware.
- Click Request a review.
If this article hasn’t convinced you about the importance of web site security, nothing will. We encourage you to set up security for your web site and web hosting account, including our old standbys of long passwords and two-factor authentication.
- Wordfence – How to clean a site with WordFence
- Wordfence – Guides to clean a hacked website
- URLquery website malware scanning