Symptoms of Malware
First of all, you might see obvious symptoms like your homepage getting replaced by a scary message about downloading spyware or having your financial information exposed. Or maybe something as simple as your site loading very slowly. However, it’s quite possible for malware infection to occur without any noticeable symptoms at all. If you’re not sure whether or not your WordPress site has been hacked, here are some common signs.
1) You can never access your admin dashboard even though you know that username and password is correct
2) You receive error messages while trying to access a certain webpage on your WordPress website
3) Your website has been down/inaccessible for more than 12 hours straight
4) Your website loads extremely slow after login into the backend panel
5) Your Google Analytics stats have changed overnight
Finding the Malware
The first thing you’ll want to do is search your WordPress install for malware. There are a few ways you can do that, from directly searching your database to using plugins and other tools. If you use an unmanaged hosting service or a web host that doesn’t allow for database access, you’ll need to use another method.
To find malware without writing a single line of code, head over to Sucuri SiteCheck. Sucuri allows for an external scan of the website, especially when you are incapable of accessing the backend of your WordPress site.
If you are able to access your WordPress Dashboard and install plugins, a free WordPress security plugin, Wordfence can assist you with a basic scan.
Resetting Your Password
If you’re unable to log in and your WordPress website is giving you an HTTP error, then your login credentials are likely no longer valid. To change your password, click Lost your password? on any WordPress login page. Next, type in your username and email address into the corresponding fields—this will automatically send you a password reset email. Depending on the level of the compromise this may not work. The next best option would be to reset your password from the database if you are able to access it. Here is documentation on how to go about changing your password through the database.
Restore from Backup
One of the easiest ways to get rid of some basic malware is to restore your site backup. Now, depending on the level, the website was compromised, this may not be of help as some of the root files of WordPress may be affected, in which case the root of the WordPress must be reinstalled, and the website backups along with the database backups will need to be restored on the new installation.
This will place your website in its exact previous state and allow you to see whether it’s still infected or not. For this purpose, it is a good idea to make sure to create daily backups or weekly ones at a minimum.
Prevent it from Happening Again
To prevent your website from getting hacked again, there are several steps you can take. First, remove all traces of infection by cleaning up and scanning your site for malware. Be sure to keep all WordPress plugins up-to-date; new vulnerabilities are found in plugins every day, making them prime targets for hackers looking for vulnerable sites. Make sure you have a good backup system that is regularly updated.
If you need help assessing the impact of these changes on your business contact us and we will be happy to help you prepare for the upcoming updates.