A compromised website is a serious issue, and if it is not addressed quickly the web host may have to step in to stop the site from harming the host, other customers, and users across the internet. The usual targets are outdated open-source CMS platforms (WordPress, Drupal, Joomla) and their plugins and themes. Removing malware from a website has two parts: cleaning the site and making sure the infection does not come back. Although dealing with malware may seem complex, even a moderately experienced internet user can handle it with the guidance below.
Identifying the Problem
Google Webmaster Tools
You can use various web scanners to identify the problem, or you can find it manually. First, add your infected website to Google Webmaster Tools (the service has since been renamed Google Search Console, and the "Malware" report now lives under "Security Issues"). After you add and verify the site, Google will report, usually within 24 hours, which URLs it found serving malware. Once you have cleaned the site, request a review; if the new check finds nothing, Google stops displaying the warning for your site. Keep in mind that the report only covers what Google's crawler happened to fetch, so treat it as a starting point rather than a complete list of infected files. Based on our experience, Google Webmaster Tools detects approximately 70% of the malware on a site.
Log Analysis
Every hosting service generates error_log and access_log files. If you cannot find them, your web host may have disabled them; ask for them to be enabled. If your site is sending a large amount of spam, the script doing the sending is requested over and over, typically by POST from a small number of IP addresses, and often at a .php file in a location where no script belongs (an uploads or cache directory, for example). In the access_log you can see which pages were requested and pick out any page that was hit far more often than the rest. The error_log is worth a look too: injected code frequently produces PHP warnings that name the infected file.
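The access_log check described above, written out as an added example (this is not code from the original article or from MyDreams hosting). It parses combined-format log lines, counts hits per path, and flags paths hit far more often than the median, reporting the POST share and the number of distinct client IPs so that a mailer script stands out from an ordinary popular page. The log lines are constructed for the demonstration, and the ratio and min_hits thresholds are assumptions to tune for the site in question.

```python
# Added example for this article (not code from the original page or from
# MyDreams hosting): count requests per path in a combined-format access_log
# and flag the outliers a spam-sending script produces. The log lines are
# constructed; the ratio/min_hits thresholds are assumptions to tune per site.
import re
from collections import Counter, defaultdict
from statistics import median

# Apache/nginx combined log format:
# ip ident user [time] "METHOD /path HTTP/x" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample: a little ordinary traffic ...
_NORMAL = [
    '203.0.113.5 - - [10/Mar/2024:10:00:01 +0100] "GET / HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.6 - - [10/Mar/2024:10:00:05 +0100] "GET / HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2024:10:00:09 +0100] "GET /?s=test HTTP/1.1" 200 3001 "-" "Mozilla/5.0"',
    '203.0.113.6 - - [10/Mar/2024:10:00:12 +0100] "GET /about/ HTTP/1.1" 200 4211 "-" "Mozilla/5.0"',
    '203.0.113.8 - - [10/Mar/2024:10:00:20 +0100] "GET /about/ HTTP/1.1" 200 4211 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Mar/2024:10:00:31 +0100] "GET /contact/ HTTP/1.1" 200 2900 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Mar/2024:10:01:02 +0100] "GET /wp-login.php HTTP/1.1" 200 1800 "-" "Mozilla/5.0"',
]
# ... and 40 POSTs in one minute, from two IPs, to a PHP file inside the
# uploads directory, where no script belongs: the signature of a spam relay.
_BURST = [
    f'198.51.100.{7 + i % 2} - - [10/Mar/2024:10:02:{i:02d} +0100] '
    '"POST /wp-content/uploads/2024/03/img.php HTTP/1.1" 200 12 "-" "-"'
    for i in range(40)
]
SAMPLE_ACCESS_LOG = "\n".join(_NORMAL + _BURST) + "\n"


def parse_access_log(text):
    """Yield (ip, method, path, status) for each parseable line; the query
    string is dropped so /?s=a and /?s=b count as the same page."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m["ip"], m["method"], m["path"].split("?", 1)[0], int(m["status"])


def suspicious_paths(text, ratio=10, min_hits=20):
    """Return the paths hit at least `min_hits` times and at least `ratio`
    times the median per-path count, most-hit first. Each entry carries the
    POST share, the number of distinct client IPs and whether it is a .php
    file: a mailer script is usually a .php file taking POSTs from a few IPs."""
    hits, posts, ips = Counter(), Counter(), defaultdict(set)
    for ip, method, path, _status in parse_access_log(text):
        hits[path] += 1
        ips[path].add(ip)
        if method == "POST":
            posts[path] += 1
    if not hits:
        return []
    typical = median(hits.values())
    return [
        {
            "path": path,
            "hits": n,
            "post_share": round(posts[path] / n, 2),
            "distinct_ips": len(ips[path]),
            "php": path.lower().endswith(".php"),
        }
        for path, n in hits.most_common()
        if n >= min_hits and n >= ratio * typical
    ]


if __name__ == "__main__":
    for row in suspicious_paths(SAMPLE_ACCESS_LOG):
        print(row)
```

On a real log, feed the file contents to suspicious_paths() and read the report top-down: a .php path with a POST share near 1.0 and only a handful of IPs is almost always the relay, whereas a genuinely popular page shows mostly GETs from many addresses.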
Searching Files by Date
Once you have identified a frequently accessed page in the access_log, that does not mean there are no other infected files; we once removed 12 different types of malware from a single WordPress site. Next, browse the site's directories and look for files that have been modified. Most FTP clients can sort files by date, which speeds up the search. Open the files with the most recent dates and examine them for malicious code. Typically, an infected file contains an obfuscated string, often right at the beginning, such as eval(gzinflate(base64_decode('...'))), eval(base64_decode('...')) or similar. Two caveats: an attacker can reset a file's modification time, so an old date does not prove a file is clean, and the infection may be a line appended to a legitimate file rather than a new file. The most reliable check is to compare the site's files against a fresh copy of the same CMS, plugin and theme versions.
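The file search described above, as an added example (not code from the original article or from MyDreams hosting): it lists files modified within the last 7 days, newest first, checks each for the obfuscation wrappers named in the text, and, where it finds eval(gzinflate(base64_decode('...'))), unwraps the payload statically so you can read what the dropped script does without ever executing it. The sample web root is constructed in a temporary directory; the pattern list and the 7-day window are assumptions to adjust per site.

```python
# Added example for this article (not code from the original page or from
# MyDreams hosting): find recently modified files under a web root, check
# them for the wrappers typical of injected PHP, and statically unwrap an
# eval(gzinflate(base64_decode('...'))) payload without executing it.
# Assumptions: the pattern list, the 7-day window and the constructed sample.
import base64
import os
import re
import tempfile
import time
import zlib

# Wrappers legitimate CMS code essentially never uses (assumed starter list).
SUSPICIOUS_PATTERNS = (
    "eval(gzinflate(base64_decode(",
    "eval(base64_decode(",
    "eval(gzuncompress(",
    "eval(str_rot13(",
    "eval($_POST",
    "eval($_REQUEST",
)
# The base64 literal inside gzinflate(base64_decode('...')).
_GZ_B64_RE = re.compile(r"""gzinflate\s*\(\s*base64_decode\s*\(\s*['"]([A-Za-z0-9+/=]+)['"]""")


def recently_modified(root, days=7):
    """Return (mtime, path) for files changed within `days`, newest first.
    Caveat: malware can reset mtime with touch(), so an old date does not
    prove a file clean; diff against a pristine copy of the CMS as well."""
    cutoff = time.time() - days * 86400
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            mtime = os.path.getmtime(path)
            if mtime >= cutoff:
                found.append((mtime, path))
    found.sort(reverse=True)
    return found


def decode_gzinflate_payload(text):
    """Unwrap gzinflate(base64_decode('...')) statically and return the hidden
    source. PHP's gzinflate() is raw DEFLATE, hence wbits=-15. Returns None
    when there is no such wrapper or the data is not valid base64/DEFLATE."""
    m = _GZ_B64_RE.search(text)
    if not m:
        return None
    try:
        raw = base64.b64decode(m.group(1), validate=True)
        return zlib.decompress(raw, -15).decode("utf-8", "replace")
    except (ValueError, zlib.error):
        return None


def scan_file(path):
    """Return (patterns found, decoded payload or None). The file is read as
    bytes and decoded as latin-1 so binary or odd encodings cannot raise."""
    with open(path, "rb") as fh:
        text = fh.read().decode("latin-1")
    hits = [p for p in SUSPICIOUS_PATTERNS if p in text]
    return hits, (decode_gzinflate_payload(text) if hits else None)


def scan_webroot(root, days=7):
    """Report {path: {"patterns": [...], "decoded": ...}} for recently changed
    files matching at least one pattern, newest first."""
    report = {}
    for _mtime, path in recently_modified(root, days):
        hits, decoded = scan_file(path)
        if hits:
            report[path] = {"patterns": hits, "decoded": decoded}
    return report


def _write(path, text, age_days=0):
    """Write a sample file, optionally backdating its mtime by `age_days`."""
    with open(path, "w") as fh:
        fh.write(text)
    if age_days:
        os.utime(path, (time.time() - age_days * 86400,) * 2)


def build_sample_webroot():
    """Constructed sample: a clean index.php, a wp-config.php untouched for
    90 days, and a freshly dropped spam relay hidden behind gzinflate."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, "wp-content", "uploads"))
    clean = os.path.join(root, "index.php")
    _write(clean, "<?php require __DIR__ . '/wp-blog-header.php';\n")
    old = os.path.join(root, "wp-config.php")
    _write(old, "<?php define('DB_NAME', 'example');\n", age_days=90)
    hidden = "mail($_POST['to'], $_POST['subject'], $_POST['body']);"
    comp = zlib.compressobj(level=9, wbits=-15)          # raw DEFLATE, like PHP gzdeflate()
    blob = base64.b64encode(comp.compress(hidden.encode()) + comp.flush()).decode()
    bad = os.path.join(root, "wp-content", "uploads", "img.php")
    _write(bad, f"<?php eval(gzinflate(base64_decode('{blob}'))); ?>\n")
    return {"root": root, "clean": clean, "old": old, "bad": bad}


if __name__ == "__main__":
    sample = build_sample_webroot()
    for path, info in scan_webroot(sample["root"]).items():
        print(path, info["patterns"], "->", info["decoded"])
```

Point scan_webroot() at a downloaded copy of the site rather than the live server, and widen `days` if the access_log shows the abuse started earlier. Decoding is deliberately done with zlib and base64 only; never paste a payload into a PHP interpreter to see what it does, since that runs it.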
Resolving the Issue
In the first step you identified the infected files. From that analysis, determine which components, modules and plugins are affected, and then clean them:
- The easiest method is to restore the website from a backup, if you have one, and then secure the website. The backup must predate the compromise, so use the access_log and the file dates from the first step to pick one that is old enough.
- Alternatively, go through each infected file by hand, remove the unwanted code (or replace the whole file with a pristine copy from the CMS or plugin distribution), and then secure the site.
Preventing Future Issues
After restoring the site or removing the malicious code, you must:
- Update the CMS to the latest stable version.
- Update or remove the compromised components, modules, and plugins.
- Change every password the attacker could have captured: CMS administrator accounts, FTP/SFTP, the database, and the hosting control panel.
- Set file permissions with chmod. Files should be at most 644 (owner read/write, everyone else read-only), directories at most 755, and the root directory of the site 710. Nothing under the web root should be group- or world-writable, and PHP files do not need the execute bit. Note that 710 on the site root only works when the web server runs as the file owner or as a member of the owner's group (as with PHP-FPM pools or suPHP); on a host where PHP runs as an unrelated user it would lock the server out, so check with your host first.
- Restrict access to the administration and other sensitive areas by IP address. Learn more about limiting access: HERE.
- Disable hosting functions you do not need and that are common sources of trouble, such as PHP's mail(). The directive is disable_functions = mail in php.ini. It is a system-level PHP setting, so it cannot be set from .htaccess; on shared hosting, ask your host to set it in the server or pool configuration. Other functions worth disabling if your site does not use them are exec, system and passthru, which let an injected script run shell commands on the server.
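The permission policy in the chmod item above, turned into an audit as an added example (not code from the original article or from MyDreams hosting). It walks a web root, reports every entry with bits beyond its maximum (a world-writable directory, an executable .php, a root that is not 710) and can strip exactly those bits, leaving stricter settings such as a 600 wp-config.php alone. The sample tree is constructed in a temporary directory, and the example assumes the web server runs as the file owner or in the owner's group, which is what makes the 710 root usable.

```python
# Added example for this article (not code from the original page or from
# MyDreams hosting): audit, and optionally fix, permissions under a web root
# against the policy above: files at most 644, directories at most 755, the
# site root itself 710. The sample tree is constructed in a temporary dir.
# Assumption: the web server runs as the file owner (PHP-FPM pool, suPHP) or
# as a member of the owner's group; otherwise a 710 root locks it out.
import os
import stat
import tempfile

FILE_MAX = 0o644   # owner rw, others r; never group/world-writable, no exec
DIR_MAX = 0o755    # owner rwx, others rx
ROOT_MODE = 0o710  # owner rwx, group x (traverse only), others nothing


def _mode(path):
    return stat.S_IMODE(os.stat(path).st_mode)


def audit_permissions(root):
    """Return (path, current_mode, target_mode) for each entry that has bits
    beyond its policy maximum (a world-writable dir, an executable .php) and
    for the root if it is not exactly 710. Symlinks are skipped because
    chmod would follow them to whatever they point at."""
    problems = []
    if _mode(root) != ROOT_MODE:
        problems.append((root, _mode(root), ROOT_MODE))
    for dirpath, dirnames, filenames in os.walk(root):
        entries = [(d, DIR_MAX) for d in dirnames] + [(f, FILE_MAX) for f in filenames]
        for name, limit in entries:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue
            cur = _mode(path)
            if cur & ~limit:                        # a bit set that the policy forbids
                problems.append((path, cur, cur & limit))  # strip only those bits
    return problems


def fix_permissions(root):
    """chmod every entry audit_permissions() reports; returns the count."""
    problems = audit_permissions(root)
    for path, _cur, target in problems:
        os.chmod(path, target)
    return len(problems)


def build_sample_webroot():
    """Constructed tree: root at 755 instead of 710, a world-writable uploads
    directory, an executable PHP file in it, and a correctly locked-down
    wp-config.php at 600 (stricter than 644, which the policy allows)."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.chmod(root, 0o755)
    content = os.path.join(root, "wp-content")
    uploads = os.path.join(content, "uploads")
    os.makedirs(uploads)
    os.chmod(content, 0o755)
    os.chmod(uploads, 0o777)
    shell = os.path.join(uploads, "img.php")
    open(shell, "w").close()
    os.chmod(shell, 0o755)
    config = os.path.join(root, "wp-config.php")
    open(config, "w").close()
    os.chmod(config, 0o600)
    return {"root": root, "uploads": uploads, "shell": shell, "config": config}


if __name__ == "__main__":
    tree = build_sample_webroot()
    for path, cur, target in audit_permissions(tree["root"]):
        print(f"{path}: {cur:o} -> {target:o}")
    print("fixed", fix_permissions(tree["root"]), "entries")
```

Run audit_permissions() first and read the list before calling fix_permissions(): a CMS that legitimately needs a writable cache or uploads directory for the web server user will show up here, and the right answer for those is ownership by the same user the server runs as, not a world-writable directory.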
Removing malware from a website requires some effort, but any moderately experienced internet user can handle it. For clients on our hosting or those considering switching to MyDreams hosting, we offer free professional consultations.