How To Fix Malware Infected WordPress Website?

Question

How to fix malware infected wordpress website? Looking for advice from WordPress Security Experts. I have found some malware in my WP-content folder. As well my site has been throwing 503 errors. I’ve deactivated plugins to test, everything is up to date, still no improvement. Also talked to my hosting provider. I have removed three malware files. I suspect the two things are related. I’m thinking the easiest solution, is to move my site onto another empty hosting account I have for wordpress that has not been activated yet. Wondering if I am at risk of bringing the data/content over? Or do I need to rebuild manually? I am on a shared hosting, which I know isn’t the greatest. Using OCEANWP, THRIVE ARCHITECT and LEARNDASH. Thank you for your advice! Trying not to spend a pile of cash fixing this.

I was thinking if the 503 errors were not related to the malware then it is a host issue. I’m with GODADDY. I have looked at sucuri plans…just have trouble with the $200 price as I am not making an income yet (I’m in Canada and that is closer to $270). I did have security plugin on my site. Reverting maybe a possibility, does that revert the core too? I have been actively building a course so would lose a lot of that work, but may be better than rebuilding everything.

solved 0
Diane Martin 1 month 2 Answers 0

Answers ( 2 )

  1. Migrating to another host won’t solve your problem. The only solution is to get your site “cleaned” by professional website cleaners like Sucuri, Malcare, WordFence. Alternatively you could try reverting your site to an earlier “clean” state from backups. Ask your host. There is nothing “wrong” per se with shared hosting if it is done by a reputable company.

    Use Sucuri Site Scan before. If you want move your site in fact don’t move anything, install a new version wp , theme, plugins. save you database alone (with db tools) . save your uploads (just the picture and pdf) alone, if you can do it with ftp without plugins it’s better. save your child theme alone. you need scan this tree files with anti-virus before restore them on new folders. Each time scan with Sucuri.

    503 is a server error that may or may not be caused by being on a cheap, second rate hosting company like GoDaddy. Reverting will revert everything including core, which isn’t a big deal because you just hit the “update to latest version” button. Losing content is the real issue. So which is your cheapest way out? $200 or recreating your content? Good luck.

    Best answer
    0

    Hi Diane, Just a quick note to say that I read this thread through and my guess is that you weren’t hacked. Silence is Golden is WordPress’s way of telling you everything is a-ok. If there’s actually code in your index file then you have a problem. You should never, under any circumstances, remove or alter your index.php file because it can leave you open to attack. 503 errors are server unavailable errors and most frequently occur on shared hosting when the demand for resources by your site are too much for the server. One of the best ways to get rid of 503 errors is to make sure your site is well optimized. You can run a test on GTMetrix to check optimization and follow the suggestions to get better performance. Having Sucuri on your site is a pretty good indicator that you weren’t hacked. If you’ve removed files from WordPress core, restore them – the best way to do this is to download a copy of WordPress to your desktop, unzip it and upload everything except WP Content to your server via FTP.

Leave an answer

Captcha Click on image to update the captcha .