To begin with, there is no universal solution that will work on every site. There are a million viruses and therefore a million solutions to remove them. Finding a bug is the most difficult thing and for most users it is not even possible.
Steps:
1. Does the site have a virus?
2. How do I identify the problem?
3. How do I clean the site from viruses?
4. How can I protect the site from future viruses?
First of all, does the site have viruses? That's the easiest step. As soon as you are reading this, you probably already know that you have a virus, or your hosting provider said you have a virus, or you noticed it because Google warned you, or you found an online tool by accident.
Regarding online tools you can try:
https://sitecheck.sucuri.net/
or google: Google: scan website from malware
note that they (sucuri.net) charge for site protection and removal so ignore the suggestions they give and just watch the Status message "Status:No Malware Detected by External Scan".
Another possible solution is that the virus entered your computer via the FTP server when you were making some changes. So it is possible that it is not found on the links because online tools (sucuri.net) mostly check only links and the virus can also be a file without an active link.
The best way is to check the files themselves directly. And you can do that through cPanel, by logging in, then going to File Manager and there you can see the list of files on your account. Find your site's folder (most likely it's public_html, if it's not an infected site that was added via an addon domain) and you'll see all the files from that site. Look for the files that were last modified, open those files and if you see in the first line something like:
< ?php eval[(][(]ZXZhbChiYXNlNjRfZGVjb2RlKFpYWmhiQ2h pWVhObE5qUmZaR1ZqYjJSbEtGcFlXbWhpUTJocFd
WaE9iRTVxVW1aYVIxWnFZakpTYkV0R2NGbFhiV2hwVVRKb2NGZFdhRTlpUlRWeFZXMWFZVkl4V25GWmFrcFRZa1YwUmxSdE5XbE5ibEp3VmpCYVlXUX
464]284]364]6]234]342]58]24]31#-%tdz*ws7]67y]37]88y]27]28y]#></cw6Or it may look like normal code, but probably that code downloads some file from some site and uploads it to your account, it's probably a backdoor.
There are various dangers and codes and ways to break security. What is real is yes You can NEVER be completely sure.
Simply put, no matter what you do there is always a risk, but you can certainly reduce the risk. You are probably not the target of a hacker, but the target of bots that roam the Internet and look for a flaw in an already programmed way in connection with some plugin or some theme and look for sites that use it and then spread it further.
If you did not find an infected file, then ask your hosting provider to tell you which file it is in order to solve the problem. If the hosting provider does not want to give you the file, then definitely change the hosting provider.
How do you identify the problem? That's the hardest thing about this whole problem. There can be a million reasons, and the most likely problem is the plugin of the site itself. Whether it is a slider or a contact form is totally irrelevant. It is possible to even have a plugin that is very small and does some very simple things.
One of the solutions is to search plugin by plugin, and to type in google next to the name of the plugin and the word malware or exploit. And if some warnings come out, then it is definitely better not to use it, but to replace it with something more secure.
Another option is to look at the account logs. And to see if there are any deviations from what you do and what you used to do. Probably among the first lines will be some plugin or some file that is potentially a problem.
That's about all you can do, everything else comes down to prevention and cleanup.
How to clean the site from viruses? It is the most extensive work. But as we mentioned for detection, the same principle can also be used for cleaning. You find an online virus detection tool and if it throws out all the links, then the problem is in the code itself and there is a high probability that all the files are infected.
You can also login to cPanel and File Manager to view the latest file changes and open and see if there is a disputed code, if there is, delete the file or if it is a wordpress file, then delete that code. In this case, be careful that it is possible that the virus has been on the account for several days and you have only noticed it now. Therefore, it may be that some files were changed a week ago and are infected, and some were changed today and are infected.
If there is a bigger problem with the virus, most of the PHP files will be infected, so you will not be able to clean the virus simply, but it will be more profitable to delete all the files and start a new installation. You can also restore the backup and then do a preventive measure on the site. With this method, be careful not to get the virus again in a short period of time because most hosting providers will even suspend your account permanently because they will feel that you have not made an effort to fix the problem.
What is recommended is to check if individual files are infected or if they are all. If they are all, you should close the site before anything, thereby preventing any spread of the virus. Then, if they are separate, delete the files and update EVERYTHING.
If all files are infected, then there are two solutions.
- To delete all files and to install a new site with other plugins and theme.
- Restore the backup and try to update the plugins and themes or, if there is no update for the plugin, replace it with a new one.
How to protect the site from the following attacks? In addition to that, as we mentioned, you can't do anything special to update everything. There are plugins that seem to protect the site, but keep in mind that even that plugin that protects you is an additional risk. That is why it is best to use as few plugins as possible and not to download themes from some sites, but to use free ones that are frequently updated or to buy a theme in a legal way because that way you will be able to update it regularly and thus prevent future failures.
Non-stop control of the site in terms of checking the files that are there to make sure there are no errors.
Install a plugin that limits the number of wrong login attempts in wordpress.
Control the update of the plugins you have, whether the authors of those plugins are still updating or have given up, you can check this by seeing whether the authors answer the questions that others have asked and whether the update was made in the last month or two. If the update is not carried out, it is a huge risk for the site itself.
