Help! My Website Is Infected With Malware!
At some point in a developer’s career, they will likely run into a malware issue. Panic may be their first reaction, especially if the malware is disrupting the customer experience on one of their client’s websites. Or worse, the website hosting provider may have shut down the infected website if the level of malware on the site exceeds a threshold!
Malware is a huge topic, and this post is not intended to address every type of malware encountered. Rather, this post discusses mild malware infections and provides guidance on how to identify, fix, and prevent malware.
Identifying Malware
Proactive Method. This is the best method because it involves running malware scanning software before malware is detected. As a developer, if you are taking over the development and/or maintenance of an existing website, scanning the website for malware is a prudent step. Your website hosting provider may provide a malware scanning service, either free or for a monthly or annual fee. If you do not see a free malware service offering, ask the hosting service support team if they can run a one-time malware scan for free. They may accommodate you!
Reactive Method. This is when you become aware that the website is not functioning normally. Malware can manifest itself in many ways. This post from SiteLock lists some common signs of malware along with steps to identify and remove malware. Oftentimes the signs of malware are subtle and can increase over time if not addressed. For example, you may detect that your website is running more slowly than usual, or that you are unable to apply changes without switching themes. Other times the signs may not be so subtle, like an inability to log into a content management system (CMS) dashboard. When you suspect that malware may be present, you should run a malware scan on the website…or better yet, run daily or weekly malware scans automatically!
Malware Detected…Now What?
If you run a malware scan on the website and malware is detected, there are a number of options you can take to remedy the situation. One option is to manually review and fix the infected files that the scanner detected, which can be an arduous process unless you know what you are doing. But if you enjoy challenges and want to become more proficient with detecting and removing malware, there are many articles to help you get started. For example, this article by WPBeginner describes how to identify common backdoors that hackers use to gain access to WordPress sites.
Another option is to run software that removes the malware. Usually, you will need to pay for this service, although there are some free malware removal plugins that you can research. Personally, I’ve used malware removal software from Sucuri with excellent results. I would highly recommend Sucuri for malware monitoring and removal.
Preventing Malware
- Delete Unnecessary Themes and Plugins. If you are using a CMS like WordPress, Drupal, or Joomla!, be careful about themes and plugins that are installed on your site. Even if a theme or plugin is not activated, it can still be an entry point for malware. Delete all themes and plugins that your site does not require.
- Keep Themes and Plugins Up To Date. Oftentimes updates for themes and plugins include security enhancements. Routinely monitor and apply updates to keep them current. If your site uses a theme or plugin that is not updated regularly, consider discontinuing its use.
- Remove Obsolete Logins. Logins (sometimes referred to as “users” within a CMS) tend to accumulate over time as CMS users come and go. Be sure to remove logins associated with people who should no longer have access to the CMS, and periodically change the passwords for active users.
- Run Daily Malware Scans. Malware is constantly evolving and looking for opportunities to spread. Therefore, it is a good idea to employ a formidable defense in the form of malware monitoring and removal software. As mentioned earlier in this post, Sucuri is one such reputable company that specializes in malware monitoring and removal, and you should research others to determine which service is right for you.
- Keep System Backups. Your web hosting provider may offer automatic system backups free of charge. If not, you can choose from one of several plugins that perform backups for you. That way, if your site does become infected with malware, you can restore the site from a backup as part of an overall remedy process.
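A known-good backup also helps with the manual review described earlier. The following is an added example, not part of the original post: it hashes a restored backup and the live site tree and lists files that were added, modified, or removed. The function names, paths, and sample file contents are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile


def hash_tree(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def diff_against_backup(backup_root, live_root):
    """List files added, modified or missing in the live tree."""
    backup, live = hash_tree(backup_root), hash_tree(live_root)
    common = backup.keys() & live.keys()
    return {
        "added": sorted(live.keys() - backup.keys()),
        "modified": sorted(p for p in common if backup[p] != live[p]),
        "missing": sorted(backup.keys() - live.keys()),
    }


def write_tree(root, files):
    """Create files (relative path -> text) under root."""
    for rel, text in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)


def demo():
    """Constructed sample trees standing in for a backup and a live site."""
    backup, live = tempfile.mkdtemp(), tempfile.mkdtemp()
    clean = {"index.php": "<?php // home",
             "wp-content/themes/site/functions.php": "<?php // theme v1",
             "wp-content/plugins/old/old.php": "<?php // plugin"}
    write_tree(backup, clean)
    changed = dict(clean)
    changed["wp-content/themes/site/functions.php"] = "<?php // theme v1 + unknown edit"
    changed["wp-content/uploads/2024/cache.php"] = "<?php // not in backup"
    del changed["wp-content/plugins/old/old.php"]
    write_tree(live, changed)
    return diff_against_backup(backup, live)
```

Legitimate updates applied after the backup was taken also show up as modified, so treat the output as a list of files to review rather than a verdict.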
Conclusion
If you maintain websites for clients, it’s likely only a matter of time before you will need to deal with malware issues, especially if you maintain websites that were created by others who may not have built them with security precautions in mind. Because malware is constantly evolving and looking for opportunities to infect sites, you should actively apply best practices for securing your clients’ websites so that they are not easy targets.