In the unfortunate event that your hosting account or website have been compromised by malware and clean backups are no longer available, it is important to act swiftly to prevent further damage, restore the site, and secure it against future attacks. This guide will walk you through the steps to handle such situations and recommend specialised third-party services for manual malware removal and security hardening.
Step 1: Identify the Infection
Before taking any action, it’s necessary to confirm that your website has been compromised. If you've been contacted by us to notify you that your account is infected, we would attach a malware scan report with a list of infected files.
Other common signs of infection include:
- Unexplained redirects to malicious sites
- New, unfamiliar files or folders
- Sudden website downtime (while our server is online)
- Browser warnings for visitors
- Blacklisting by Google or other search engines
- Unauthorised changes to website content
Step 2: Avoid Using Infected Backups
If the infection has been present for a long time, the available backups may also be infected. Avoid restoring an old backup without verifying that it is clean, as this could reintroduce the malware. You can browse through and restore the file backups in cPanel under "R1Soft Restore Backups". Generally, we keep up to 21 daily backups and 2 end-of-month backups.
Step 3: Seek Professional Help for Malware Removal
If your backups are no longer viable, manual malware removal is essential. While some infections can be easily removed by simply deleting the infected files, advanced infections often require expert intervention. Here are some reputable third-party services that specialise in thorough malware removal and website security hardening:
1. Sucuri
Sucuri offers a complete website malware removal service, including the identification and elimination of infections, blacklist removal, and security hardening. Their team manually removes malware and provides continuous monitoring to prevent future incidents. They also include website firewall services to mitigate attacks going forward.
2. MalCare
MalCare’s automated malware removal tool scans and removes infections from WordPress websites without affecting the website’s performance. It also offers a manual removal service for more complex infections, ensuring that all malware traces are eliminated. MalCare includes a firewall to block future threats and tools to harden your site’s security.
3. SiteLock
SiteLock offers quick, comprehensive malware removal services and ongoing protection. Their experts will scan your website, remove all malware, repair any damage, and ensure that your site is removed from blacklists. Additionally, SiteLock provides proactive monitoring to protect your website from future threats.
Step 4: Harden Your Account's and Website's Security
After the malware has been removed, it’s crucial to strengthen your website’s security to prevent future infections. The third-party services mentioned above offer various security hardening options.
Furthermore, we recommend applying additional steps to secure your hosting account and website by following the steps outlined in our separate article: My WordPress Site Has Been Hacked, What Do I Do?
Step 5: Ongoing Monitoring and Maintenance
Website security is not a one-time fix. Regular monitoring and maintenance are essential to ensure your site remains safe. Most malware removal services offer ongoing monitoring as part of their plans, but you should also implement best practices for security management, such as regular updates of all website components (CMS, plugins, themes), frequent password changes for administrator accounts, etc.
Conclusion
Dealing with a compromised website without clean backups can be daunting, but an experienced web developer and the specialised services mentioned above can help you can safely remove malware and secure your site against future threats. If you're unsure where to start, consider one of the recommended providers like Sucuri, MalCare, or SiteLock for expert assistance.
Updated on 25/10/2024
