One word answer “NO”. This is based on my experience w.r.t cleaning Wordpress (WP) sites against malware attack. Hackers mostly attack CMS based websites i.e. WP and Joomla by inserting malicious links on target website to redirect users to their sites and rank up in the google search results. You may want to call it as “Illegal SEO techniques”.
Hackers mostly target vulnerable plugins, themes installed on a WP website. They tend to include their malicious data in header.php or footer.php present under /wp-content/themes/<theme_name> as it loads up with every page of your website. It’s a smart way to infect full website with just one file. This is usually hard to detect as the malicious data might be encoded or hidden inside an image.
Ideally when a website is hacked there are few steps that need to be performed immediately:
- Replace your website folder with clean copy of website. This will save you from blacklisting by google
- Perform a sucuri malware scan i.e. http://sitecheck.sucuri.net/scanner/ to check if you are already blacklisted
- Inspect your plugins or themes folder for malicious code
- Remove the malicious code from infected file
Once cleaned, next step is to inspect and clean your WP database.
WP Database Inspection
It is equally important to inspect and clean your WP database after you clean WP website files. This is to ensure that the malicious code does not appear again and you have a fully cleaned website. WP database can be accessed using PHPMyAdmin console. Below is the quickest way to do a database inspection:
- Login to PHPMyAdmin console
- Click on database_name in use
- Export your complete database in a .sql format and open it in a text editor
- Do a search for malicious code
In most cases, you will find the malicious code in database. Perform below steps to clean:
- Identify the table and column in which malicious code exists
- Perform PHPMyAdmin search on the infected table and look for the malicious row
- Clean malicious code and click on Save
- Repeat steps 1-3 for every row in the table
Please note you can run a query on full database as well but this will be more time-consuming and effort will be as equal as performing above steps.
On a final note, the most important things to remember if you own a WP site are:
- Backup, backup, backup your website
- Keep your WP version up-to-date
- Have few of the security plugins installed for your WP website
Happy Reading!!!
Perfect post.. thanks for the instructions.
ReplyDeleteHey.. that's a nice and simple post which gives a lot of insight on how malware can be removed from wp sites.
ReplyDeleteI would also like to know if the steps are same for Joomla sites also?
Thanks Ashutosh for your comment.. Yes, steps are same if Joomla is using PHPMyAdmin.. This approach also works for MySQL accessed via cpanel. Hope this clarifies.
ReplyDeleteThanks Nilesh. That clarifies and helped :)
ReplyDelete