// Site under control after hacking
Treating a website from viruses and malicious code
Search for infections, clean files and databases, check users, CMS, plugins, hosting and VPS/VDS. After cleaning, it is important to close the cause of the hack so that the virus does not return in a few days.
Diagnostics
Checking symptoms, files, database, users, CMS, extensions, logs and hosting.
Cleaning
Removing malicious code, suspicious files, injections and infected fragments.
Protection
Updates, passwords, file rights, users, admin, SSL, backups and basic protection.
Control
Check after cleaning: pages, forms, indexing, Google, errors and repeated symptoms.
// When an urgent check is needed
A virus on a website rarely looks like one obvious mistake
The website may open, but already send spam, replace links, create hidden pages, show ads, redirect visitors, or receive a warning from Google. Therefore, it is important to look not only for visible symptoms, but also for the cause of the infection.
Google Alert
Browser or search indicates that the website is dangerous, contains malware, or is misleading to visitors.
Hidden pages
Foreign pages, Japanese spam, pharmaceutical texts, casinos, unclear URLs or external links appear in the index.
Redirects and advertising
Visitors are transferred to other websites, advertisements pop up, or the website behaves differently for the administrator and the client.
Unknown users
New accounts, strange access rights, new FTP/SFTP users or changed passwords appear in the admin panel.
Suspicious files
Incomprehensible PHP files, changed index.php, strange folders, web shell or injections into the template appear on the hosting.
Spam and email
The website is sending out emails, the hosting is blocking sending, the domain is classified as spam, or the forms are working strangely.
// Cleaning and protection after hacking
Removing the virus is not enough. We need to close the path through which he got to the website
If you simply delete a found malicious file, the website may become infected again. Therefore, I check not only the symptoms, but also the vulnerabilities: CMS, plugins, theme, users, passwords, file permissions, database, hosting and server settings.
// How the work goes
First control, then cleaning
When infected, it is important not to act chaotically. The website needs to be cleaned so that it remains operational and the source of the hack is closed.
Diagnostics
Symptoms, files, database, CMS, extensions, users, accesses, logs, hosting or VPS.
Copy
I record the current state and check the backup so as not to lose the working part of the website.
Cleaning
I remove malicious code, injections, suspicious files, unnecessary users and traces of hacking.
Closing the entrance
Updates, passwords, file permissions, vulnerable plugins, theme, SMTP, SSL and server settings.
Check
Pages, forms, indexing, Google, errors, email, speed and recommendations for further protection.
// Why the infection returns
Cleaning without maintenance often solves the problem only temporarily
- CMS or plugins have not been updated for a long time
- Unknown user left
- Passwords were not changed after hacking
- Incorrect file permissions on hosting
- Malicious insertions remain in the database
- Old template contains vulnerable code
- No regular backups and monitoring
- VPS/VDS is not updated or verified
- Email and forms are configured insecurely
- The cause of the hack was not found, but only the symptoms were removed
// Application
If the website is infected, let's start with diagnostics
Send a link to the website and briefly describe the symptoms: Google warning, redirects, spam, unknown files, strange pages, problems with forms or hosting blocking. I'll see what to check first.
// FAQ
Frequently asked questions about treating a website for viruses
What to do if the website is infected with a virus?
It is better not to continue editing blindly and not to delete random files. You need to record symptoms, make a copy of the current state, check files, database, users, CMS, extensions and hosting access.
Is it possible to remove a virus without losing the website?
Most often, yes. The task is not to erase everything suspicious, but to carefully find malicious code, save working files, clean the database and check that the website opens normally after cleaning.
What to do if Google shows a warning about an unsafe website?
First you need to clean the website and close the cause of the infection. After this, you can submit the website for re-verification in Google Search Console. If the source of the problem is not removed, the warning may return.
Why did the virus return after the last cleaning?
Usually because they deleted only visible files, but did not close the login: an old plugin, a vulnerable theme, an unknown user, a weak password, incorrect file permissions, an infected database or a hosting problem.
Which websites can be treated?
You can work with WordPress, Joomla, PrestaShop, self-written PHP websites and websites on regular hosting or VPS/VDS. The approach depends on the CMS, file structure, access and backup status.
Do I need access to hosting or VPS?
Yes, for complete cleaning you almost always need access to hosting, file manager or SFTP/FTP, database and website admin. VPS/VDS may require SSH access and control panel data.
Is it possible to restore a website from a backup?
Yes, if you have a clean and up-to-date backup. But simply rolling back the website is not enough: you need to understand how the infection occurred, update vulnerable parts and check access, otherwise the problem may recur.
How long does it take to treat a website?
Depends on the size of the website, CMS, number of files, state of the database, hosting and depth of infection. A small website can sometimes be cleaned quickly, but a complex store or an old homemade website requires more careful diagnostics.
What is included in the protection after cleaning?
After removing malicious code, it is important to update the CMS and extensions, change passwords, check users, file permissions, backups, SSL, email, basic admin protection and recommendations for regular maintenance.
Is it possible to take the website for maintenance after cleaning?
Yes. This is the most reasonable next step: regular updates, backups, monitoring, security checks and minor edits reduce the risk of re-infection and make the website easier to use.