• Removing Malware from a WordPress blog

    Malware is a type of software that attempts to steal your personal information or use your computer to do things that you do not intend. Malware infections quite often lead to harsh consequences, causing the victim’s computer to become slow or unresponsive. Malware is usually spyware, deceptive adware, etc. Common examples are free screen savers that secretly generate advertisements, malicious web browser toolbars that take your browser to different pages than the ones you expect, and key logger programs that can transmit your personal data to others.

    There are three basic steps to restoring and maintaining a clean website:

    1. Identifying badware behavior

    The first step to keeping your website badware-free is to check for any badware or badware behaviors that may already be on your site. The three most common forms of malware seen on compromised sites are:

    • Malicious scripts
    • .htaccess redirects
    • Hidden iframes

    Malicious scripts

    Malicious scripts are often used to redirect site visitors to a different website and/or load badware from another source. These scripts will often be injected by an attacker into the content of your web pages, or sometimes into other files on your server, such as images and PDFs. Sometimes, instead of injecting the entire script into your web pages, the attacker will only inject a pointer to a .js or other file that the attacker saves in a directory on your web server.

    .htaccess redirects

    Attackers will sometimes modify an existing .htaccess file on your web server or upload new .htaccess files to your web server containing instructions to redirect users to other websites, often ones that lead to badware downloads or fraudulent product sales.

    Hidden iframes

    An iframe is a section of a web page that loads content from another page or site. Attackers will often inject malicious iframes into a web page or other file on your server. Often, these iframes will be configured so they don’t show up on the web page when someone visits the page, but the malicious content they are loading will still load, hidden from the visitor’s view.
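A sketch of how the three indicators above can be searched for in a downloaded copy of the site. This is an added example, not code from the original article; the regular expressions are heuristic assumptions that will miss obfuscated code and can flag legitimate embeds, and the sample hosts are constructed.

```python
import os
import re

# Heuristic patterns for the three indicator types (assumed, not a signature set).
HIDDEN_IFRAME = re.compile(
    r"<iframe\b[^>]*(?:(?:width|height)\s*[:=]\s*[\"']?[01](?:px)?[\"'\s>;]"
    r"|display\s*:\s*none|visibility\s*:\s*hidden)", re.I)
SCRIPT_SRC = re.compile(
    r"<script\b[^>]*\bsrc\s*=\s*[\"']?(?:https?:)?//([^/\"'\s>]+)", re.I)
HTACCESS_REDIRECT = re.compile(
    r"^[ \t]*(?:RewriteRule|Redirect(?:Match)?)\b.*?https?://([^/\s\"']+)",
    re.I | re.M)
SCANNED_EXT = (".php", ".html", ".htm", ".js")

def scan_text(filename, text, own_hosts):
    """Return (indicator, detail) pairs for one file's contents."""
    own = {h.lower() for h in own_hosts}
    if os.path.basename(filename) == ".htaccess":
        hosts = (m.group(1).lower() for m in HTACCESS_REDIRECT.finditer(text))
        # %{HTTP_HOST}-style targets point back at the site itself.
        return [("htaccess-redirect", h) for h in hosts
                if h not in own and not h.startswith("%{")]
    hits = [("hidden-iframe", m.group(0)) for m in HIDDEN_IFRAME.finditer(text)]
    hits += [("external-script", m.group(1).lower())
             for m in SCRIPT_SRC.finditer(text) if m.group(1).lower() not in own]
    return hits

def scan_tree(root, own_hosts):  # walk a site copy; relative path -> findings
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name == ".htaccess" or name.lower().endswith(SCANNED_EXT):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = scan_text(name, fh.read(), own_hosts)
                if hits:
                    report[os.path.relpath(path, root)] = hits
    return report

# Constructed sample input; hosts use the reserved .example TLD.
SAMPLE_PAGE = ('<script src="http://cdn.bad.example/x.js"></script>\n'
               '<iframe src="http://bad.example/" width="0" height="0"></iframe>\n'
               '<script src="https://blog.example/wp-includes/js/jquery.js"></script>')
SAMPLE_HTACCESS = ("RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]\n"
                   "RewriteRule ^(.*)$ http://bad.example/landing [R=302,L]\n")

if __name__ == "__main__":
    print(scan_text("index.php", SAMPLE_PAGE, ["blog.example"]))
    print(scan_text(".htaccess", SAMPLE_HTACCESS, ["blog.example"]))
```

Pass your own domain and any third-party hosts you deliberately load scripts from in `own_hosts`, so that only unexpected external references are reported.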

    2. Removing the malware behavior

    Once you have located the code that is causing the badware behavior, removing it is often as simple as deleting the offending code from all files in which it appears. Sometimes, it is easier, if you have a clean backup of your site’s contents, to re-upload all of the site’s files, though be careful about overwriting files that may have changed since your last backup. In some cases, the bad content may be stored in one or more database records, in which case restoring a recent backup of the database or manually editing the relevant records may be necessary.

    There are some third-party WordPress plugins for cleaning malware from websites; some of them are listed below.

    i)      Wordfence – scans your site for viruses, malware, trojans and malicious links; protects your site against scrapers, aggressive robots, fake Googlebots and brute force attacks; constantly scans your posts, pages, comments and plugins for malware URLs; and sends email alerts and notifications when it detects a loophole, a plugin update or a code change in an FTP file, and much more.

    ii)    Exploit Scanner – This plugin searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames.

    3. Preventing future infection

    After removing all the malicious code, there are some steps to take to prevent a future hack.

    1. Change all passwords related to the account, i.e., reset your FTP and WP Admin account passwords.

    2. Upgrade WordPress to the latest version.

    3. Update the file and folder permissions over FTP; in general they should be:

    • Folders (directories): chmod 755
    • Files: chmod 644
    • Your wp-config.php file: chmod 400
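To check a whole installation against the three modes listed above, the following added example (not from the original article) walks a directory tree, reports every entry whose mode differs and can optionally correct it. The function names are hypothetical, and the script assumes a Unix-like host where you have shell access.

```python
import os
import stat
import sys

# Targets from the list above: directories 755, files 644, wp-config.php 400.
DIR_MODE, FILE_MODE, CONFIG_MODE = 0o755, 0o644, 0o400

def expected_mode(path, is_dir):
    if is_dir:
        return DIR_MODE
    return CONFIG_MODE if os.path.basename(path) == "wp-config.php" else FILE_MODE

def audit_permissions(root, fix=False):
    """Return [(relative path, current mode, expected mode)] for every mismatch.

    With fix=True each mismatch is also corrected with os.chmod.
    """
    mismatches = []
    for dirpath, dirnames, filenames in os.walk(root):
        entries = [(d, True) for d in dirnames] + [(f, False) for f in filenames]
        for name, is_dir in entries:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # never chmod through a symlink
            current = stat.S_IMODE(st.st_mode)
            wanted = expected_mode(path, is_dir)
            if current != wanted:
                mismatches.append((os.path.relpath(path, root), current, wanted))
                if fix:
                    os.chmod(path, wanted)
    return mismatches

if __name__ == "__main__":
    # Report only; the site root defaults to the current directory.
    site_root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, current, wanted in audit_permissions(site_root):
        print(f"{rel}: {current:o} -> should be {wanted:o}")
```

Run it in report-only mode first and review the list before calling `audit_permissions(root, fix=True)`.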

    Finally, upgrade timthumb (if any) to the latest version, or update the theme to the latest version. Grab timthumb from http://code.google.com/p/timthumb/

    Once you have made sure that the site is clean, submit a site review request in Google Webmaster Tools to remove the warning.

    If you find this article interesting you also may want to check out the following blog articles: “Consequences of your website being blacklisted by Google” and “How to change WordPress password without having the access to wp-admin”.
