// Site under control after hacking

Treating a website from viruses and malicious code

Search for infections, clean files and databases, check users, CMS, plugins, hosting and VPS/VDS. After cleaning, it is important to close the cause of the hack so that the virus does not return in a few days.

Diagnostics

Checking symptoms, files, database, users, CMS, extensions, logs and hosting.

Cleaning

Removing malicious code, suspicious files, injections and infected fragments.

Protection

Updates, passwords, file rights, users, admin, SSL, backups and basic protection.

Control

Check after cleaning: pages, forms, indexing, Google, errors and repeated symptoms.

// When an urgent check is needed

A virus on a website rarely looks like one obvious mistake

The website may open, but already send spam, replace links, create hidden pages, show ads, redirect visitors, or receive a warning from Google. Therefore, it is important to look not only for visible symptoms, but also for the cause of the infection.

Google Alert

Browser or search indicates that the website is dangerous, contains malware, or is misleading to visitors.

Hidden pages

Foreign pages, Japanese spam, pharmaceutical texts, casinos, unclear URLs or external links appear in the index.

Redirects and advertising

Visitors are transferred to other websites, advertisements pop up, or the website behaves differently for the administrator and the client.

Unknown users

New accounts, strange access rights, new FTP/SFTP users or changed passwords appear in the admin panel.

Suspicious files

Incomprehensible PHP files, changed index.php, strange folders, web shell or injections into the template appear on the hosting.

Spam and email

The website is sending out emails, the hosting is blocking sending, the domain is classified as spam, or the forms are working strangely.

// Cleaning and protection after hacking

Removing the virus is not enough. We need to close the path through which he got to the website

If you simply delete a found malicious file, the website may become infected again. Therefore, I check not only the symptoms, but also the vulnerabilities: CMS, plugins, theme, users, passwords, file permissions, database, hosting and server settings.

Before cleaning, I record the state of the website and check whether there is a working backup or a rollback option.
I look for malicious code in files, database, template, plugins, downloads, cron tasks and users.
After cleaning, I update vulnerable parts and give clear recommendations for regular maintenance.
WordPress Joomla PrestaShop Custom PHP Hosting VPS/VDS Database Google Search Console
Website malware cleanup and post-hack protection process

// How the work goes

First control, then cleaning

When infected, it is important not to act chaotically. The website needs to be cleaned so that it remains operational and the source of the hack is closed.

01

Diagnostics

Symptoms, files, database, CMS, extensions, users, accesses, logs, hosting or VPS.

02

Copy

I record the current state and check the backup so as not to lose the working part of the website.

03

Cleaning

I remove malicious code, injections, suspicious files, unnecessary users and traces of hacking.

04

Closing the entrance

Updates, passwords, file permissions, vulnerable plugins, theme, SMTP, SSL and server settings.

05

Check

Pages, forms, indexing, Google, errors, email, speed and recommendations for further protection.

// Why the infection returns

Cleaning without maintenance often solves the problem only temporarily

  • CMS or plugins have not been updated for a long time
  • Unknown user left
  • Passwords were not changed after hacking
  • Incorrect file permissions on hosting
  • Malicious insertions remain in the database
  • Old template contains vulnerable code
  • No regular backups and monitoring
  • VPS/VDS is not updated or verified
  • Email and forms are configured insecurely
  • The cause of the hack was not found, but only the symptoms were removed

// Application

If the website is infected, let's start with diagnostics

Send a link to the website and briefly describe the symptoms: Google warning, redirects, spam, unknown files, strange pages, problems with forms or hosting blocking. I'll see what to check first.

Request an audit

// FAQ

Frequently asked questions about treating a website for viruses

What to do if the website is infected with a virus?

It is better not to continue editing blindly and not to delete random files. You need to record symptoms, make a copy of the current state, check files, database, users, CMS, extensions and hosting access.

Is it possible to remove a virus without losing the website?

Most often, yes. The task is not to erase everything suspicious, but to carefully find malicious code, save working files, clean the database and check that the website opens normally after cleaning.

What to do if Google shows a warning about an unsafe website?

First you need to clean the website and close the cause of the infection. After this, you can submit the website for re-verification in Google Search Console. If the source of the problem is not removed, the warning may return.

Why did the virus return after the last cleaning?

Usually because they deleted only visible files, but did not close the login: an old plugin, a vulnerable theme, an unknown user, a weak password, incorrect file permissions, an infected database or a hosting problem.

Which websites can be treated?

You can work with WordPress, Joomla, PrestaShop, self-written PHP websites and websites on regular hosting or VPS/VDS. The approach depends on the CMS, file structure, access and backup status.

Do I need access to hosting or VPS?

Yes, for complete cleaning you almost always need access to hosting, file manager or SFTP/FTP, database and website admin. VPS/VDS may require SSH access and control panel data.

Is it possible to restore a website from a backup?

Yes, if you have a clean and up-to-date backup. But simply rolling back the website is not enough: you need to understand how the infection occurred, update vulnerable parts and check access, otherwise the problem may recur.

How long does it take to treat a website?

Depends on the size of the website, CMS, number of files, state of the database, hosting and depth of infection. A small website can sometimes be cleaned quickly, but a complex store or an old homemade website requires more careful diagnostics.

What is included in the protection after cleaning?

After removing malicious code, it is important to update the CMS and extensions, change passwords, check users, file permissions, backups, SSL, email, basic admin protection and recommendations for regular maintenance.

Is it possible to take the website for maintenance after cleaning?

Yes. This is the most reasonable next step: regular updates, backups, monitoring, security checks and minor edits reduce the risk of re-infection and make the website easier to use.